General
-
Target
1f4ea42b93e73132bade2c25b06dcc01a2f2c6080c14ac90c1d2601491203622
-
Size
4.0MB
-
Sample
221129-3zcqxsae33
-
MD5
1cbe3f34ef1dacdd2b8bc7c8772d9e30
-
SHA1
bef180515ccc9aa15ae5980a0ac1626cefb27dd0
-
SHA256
1f4ea42b93e73132bade2c25b06dcc01a2f2c6080c14ac90c1d2601491203622
-
SHA512
8b4c65d1239e7bd00ceb870805a52c3538c3da37bd47e1920aa8d1c9708617b88a6395559c34a66ee985cfef368aabe3618c99093c1ce4161c84a759d86b9b36
-
SSDEEP
98304:g2C8+uRlyAeY/W3elmBu4aCRL5eJ5MSVKxGS59cDgAF4kJ:UFFcR/6L5eJ5hVK8EmPC8
Static task
static1
Malware Config
Targets
-
-
Target
1f4ea42b93e73132bade2c25b06dcc01a2f2c6080c14ac90c1d2601491203622
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-