General
-
Target
361dec77e232acc88525e97dc5ae6d23fe73afb164421db7f48906d40b309e96
-
Size
4.0MB
-
Sample
220925-kagdpsdhg7
-
MD5
1d61bfc350088a64e66201cb90f7b893
-
SHA1
3223c9ebf5e9aa77472762fd0759fca38cc96fe7
-
SHA256
361dec77e232acc88525e97dc5ae6d23fe73afb164421db7f48906d40b309e96
-
SHA512
827cb458463811b1c26201ea6977e908daea23ba7ce4e2a44fd800cda129f5b3f40b6a5e53266a053b6be80a244238248a166fee3ce7bffcc4f848ae0f5870c3
-
SSDEEP
98304:TRRHuAJnrrZmyxHBwd912+cwX3lLmnUfOKtLneCENxO3ESfaic97A:jHuExhY113lLmUfONCK0XiV6
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-