General
Target: 651c502d976bae4b0bbe40fa7198e1f5f286c64870c842d97312ea837754f001
Size: 4.2MB
Sample: 221012-g6jxxscfh8
MD5: a6b6a83efe363a24a177ad2ecfdad04b
SHA1: c9eed6963b58ad0f731c9f54ff605d0d4cd9162e
SHA256: 651c502d976bae4b0bbe40fa7198e1f5f286c64870c842d97312ea837754f001
SHA512: 2f0aee234308b62adb8657eb7ecda69d98d2a6f8630e36a68ce2182243563e9c0646d5330969437ad45c5613998e30e49ea9a5d6994e2c9b248d8f83724e9c35
SSDEEP: 98304:cQp30HOnxqh6zFKV4lrMpqoYsJAL0y6nCB6q8Ve:P+h6hKGrM0RsKL0ye4b8Ve
Static task
static1
Malware Config
Targets
Target: 651c502d976bae4b0bbe40fa7198e1f5f286c64870c842d97312ea837754f001
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.