General
-
Target
9ff7263291eb0cf89d55d77ab49428eba3f91e18c82416f39438fcb29543bcca
-
Size
4.0MB
-
Sample
221127-cn99yafh61
-
MD5
313b81bce65f24a2d7bb306dd8a6f47f
-
SHA1
59300fb850b18d61bc3351dbbbb14797ea4f1b93
-
SHA256
9ff7263291eb0cf89d55d77ab49428eba3f91e18c82416f39438fcb29543bcca
-
SHA512
f966c2d01652bb557ece8612f959b272ff3561a6c0898d6094ab937ca20882d27765904841d7297d0aa91ce3cef04363d7e78692a40d62f1cb2b23b0680422a4
-
SSDEEP
98304:gHZGf1P4d8mJkOZcrOiyqlQPDUj1I6pm41h4GG:gH89PRmJpqrO+QPDUpI6Q8OB
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-