General
- Target: 6a497860ff84e22bbe5882f3c495ca2ed8f4b17e2d869ce2cdf31becda3e68a1
- Size: 4.1MB
- Sample: 221128-t5g36adc71
- MD5: d6f5ad5097cae9aa01ae1bc51e0f2cc1
- SHA1: 86cce13002518d41a9bde00ab8c3a75635130a01
- SHA256: 6a497860ff84e22bbe5882f3c495ca2ed8f4b17e2d869ce2cdf31becda3e68a1
- SHA512: 77d95b3a1a4232783abc7e76e4a3e600d0b140c3975ef6cc7302d52cc9565928b2740b44cdaf3dc36d5a3b3ddc3df4b345614bffd71c3548e3621a6984e9225c
- SSDEEP: 98304:T19tj1+dPlhxiAJGcjh6mwNrpGYwoOq427hJw8r2LXD79:T19yPzmucmwVpGqO0hXqHJ
Static task
static1
Malware Config
Targets
- Target: 6a497860ff84e22bbe5882f3c495ca2ed8f4b17e2d869ce2cdf31becda3e68a1
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.