General
-
Target
560b98b3550a5c840a2227c73d2924b0abc63000d3f5d3f1962fd80b4536ff4b
-
Size
4.2MB
-
Sample
221012-mk8baadcd8
-
MD5
cdb9fe2839593d4b30c9aba12a895af7
-
SHA1
8b4dc3dc12578eef1c489978b841cba94666a5a6
-
SHA256
560b98b3550a5c840a2227c73d2924b0abc63000d3f5d3f1962fd80b4536ff4b
-
SHA512
699b785b4f1c19cfd68471d3a2adcbba37f19e01348e5d81bce56784c4224fa4d614e6976dcb645e1b2686b1a1146c11377a9c8cf59d44de707337db67baadea
-
SSDEEP
98304:h8faBUpm4C7DqNk9om0g1TyVg9E2WVtGeqSNVT4gCsiIsFGHyN:eSug40bV0cTC4E5oCNSImN
Static task
static1
Malware Config
Targets
-
-
Target
560b98b3550a5c840a2227c73d2924b0abc63000d3f5d3f1962fd80b4536ff4b
-
Size
4.2MB
-
MD5
cdb9fe2839593d4b30c9aba12a895af7
-
SHA1
8b4dc3dc12578eef1c489978b841cba94666a5a6
-
SHA256
560b98b3550a5c840a2227c73d2924b0abc63000d3f5d3f1962fd80b4536ff4b
-
SHA512
699b785b4f1c19cfd68471d3a2adcbba37f19e01348e5d81bce56784c4224fa4d614e6976dcb645e1b2686b1a1146c11377a9c8cf59d44de707337db67baadea
-
SSDEEP
98304:h8faBUpm4C7DqNk9om0g1TyVg9E2WVtGeqSNVT4gCsiIsFGHyN:eSug40bV0cTC4E5oCNSImN
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-