General
-
Target
640651b79f6d547841923f6f6efe3c7b50e049c3255104e11127d421a35642b5
-
Size
4.0MB
-
Sample
221127-vywhmshh8v
-
MD5
877b75b62fd996beb454e4dd70dab212
-
SHA1
589a70715721dbd696e3da892cc2ce259d6a983b
-
SHA256
640651b79f6d547841923f6f6efe3c7b50e049c3255104e11127d421a35642b5
-
SHA512
54891c671fdf2f11defeec7671e7d0f6e7ecd42aa2580ac3d2c20c7ada929a6d5baedc973f3205b7946ad2add8eb263ee808ac441cabf0e72fe98ecd0768c0ae
-
SSDEEP
98304:4uLmXhgz708dw3V0siVYc+krWpC/QZnBBuXxXR8QpK:NyXhgFdwcBbrX/Q16XR8QpK
Static task
static1
Malware Config
Targets
-
Target
640651b79f6d547841923f6f6efe3c7b50e049c3255104e11127d421a35642b5
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-