General
Target: db527dbedcffbb94b740b300c47d0bcce8ae61a10159cfefed545b49f50bba8f
Size: 4.0MB
Sample: 221125-l8tx5ahg88
MD5: 2a885f17626973355a4edd3e31201d40
SHA1: 20640f31aae64b275e7903130d98ad3d5007d008
SHA256: db527dbedcffbb94b740b300c47d0bcce8ae61a10159cfefed545b49f50bba8f
SHA512: 275cf5273bd18f3d923a6e89f443f6b7f0afa68852dcdb71de4234f867683be2af78a27ef2ad77736ca9c12f238bb98394e27dd40c12648abb94e129f9ac0cd4
SSDEEP: 98304:ZP944/0pK8V0OWeCVU+cMijaYBJ7f47gG6yTkr:ZP930pfVQnoGYBBw2ikr
Static task
static1
Malware Config
Targets
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Modifies Windows Firewall
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.