General
-
Target
0104e2b9f8bc767d5cad63c985673e6300ea81dbff98ffa8359f8f6fb33e385a
-
Size
4.0MB
-
Sample
220923-plgwtsaahr
-
MD5
e2f0aad867ba6736ab02bb804a2eeb4c
-
SHA1
f5b2d67201ba4dcc731daadab420bdd26bd721fc
-
SHA256
0104e2b9f8bc767d5cad63c985673e6300ea81dbff98ffa8359f8f6fb33e385a
-
SHA512
984480ad63798d316eba5ce306b02ae15dac2c2470576194406957c233803eaf44472597e92ac881cbdad1ca6d10db0cead22ffbf3ceb1254d741b63ed3a860a
-
SSDEEP
98304:3NmOf2aYQHUFoNQWAonhkaKmLNUTkgy71fDfUxZAMLZyvd:9mOBHUFoaWfnCmZv7lDMZZZA
Static task
static1
Malware Config
Targets
-
-
Target
0104e2b9f8bc767d5cad63c985673e6300ea81dbff98ffa8359f8f6fb33e385a
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-