General
-
Target
8ab6014dffcab59a47780578dc8f3b06c36f68e618eb443ceea1ca70b9923845
-
Size
4.1MB
-
Sample
221009-cmb1ragbb4
-
MD5
4d496d6b2823af81c91e50092da29333
-
SHA1
edbdf93b059c051bb65b1289ecdc2ee8eee02916
-
SHA256
8ab6014dffcab59a47780578dc8f3b06c36f68e618eb443ceea1ca70b9923845
-
SHA512
ff78a363d5b6f53e8aa7ce42f60a648596aa8433a4cc0fcbecb721a957bd0f187246e82e8c84529b96b04929573e8eab085ccf8814da71c8c6e56b7ff6a91f42
-
SSDEEP
98304:uYihGjFuRUho4klWuEnfuFxbs/RBovcN2flXlu:XihGERUSIumuFq/RBovY2NXY
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-