General
Target: 6ae4b11d6734d76a67c265057e75c1b60b7fe7c56b72283cfd168f5d845863fe
Size: 4.0MB
Sample: 221127-pqyedacb31
MD5: 022034c6ce461d6dc9a8098f78c6b585
SHA1: 0dbf47b61bb488ba07679d93af87f453ec176d22
SHA256: 6ae4b11d6734d76a67c265057e75c1b60b7fe7c56b72283cfd168f5d845863fe
SHA512: a0bf4902076eedec1cf16bcd7d13e060a9fe768129fecdd5327d9bab6d48d21c9d6b6cb91d3014588e437659d1d34e49f2bd95087e77c2f72eb40dee9e3f6d5d
SSDEEP: 98304:y4OQV0hnN5ryqrJyn3n0cQylC877BRARShzn2xa4lZiz:y4OQVmHrVJKEiC8pRAchzn24oZiz
Static task
static1
Malware Config
Targets
Target: 6ae4b11d6734d76a67c265057e75c1b60b7fe7c56b72283cfd168f5d845863fe
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.