General
-
Target
66d1b3771f60732bfafea7f4c334eaa78048cd5351270179e8083052fffdd5d3
-
Size
156KB
-
Sample
221129-j9tmmsbh45
-
MD5
0598f36802ead7a73daf75b69a311200
-
SHA1
6d4ffb3056da0acb97221a03d12fb8679df13ae1
-
SHA256
66d1b3771f60732bfafea7f4c334eaa78048cd5351270179e8083052fffdd5d3
-
SHA512
96491ab7c59e9aea60d61e12c7f836f5ae67ce73690f5db4e15cb959d8c8db066353bd6e3fb64516ce2eb5f95a8bc6a3820a1f59da584c92f9b471ce4d447c2d
-
SSDEEP
3072:1R43bDohYpiuNORrppWhC1boZdv07yPaeaxxl58zXQmU1J0F:f43bDohY3O1ppgC1boZFun3/l58zgR+F
Malware Config
Targets
-
-
Target
66d1b3771f60732bfafea7f4c334eaa78048cd5351270179e8083052fffdd5d3
-
Size
156KB
-
MD5
0598f36802ead7a73daf75b69a311200
-
SHA1
6d4ffb3056da0acb97221a03d12fb8679df13ae1
-
SHA256
66d1b3771f60732bfafea7f4c334eaa78048cd5351270179e8083052fffdd5d3
-
SHA512
96491ab7c59e9aea60d61e12c7f836f5ae67ce73690f5db4e15cb959d8c8db066353bd6e3fb64516ce2eb5f95a8bc6a3820a1f59da584c92f9b471ce4d447c2d
-
SSDEEP
3072:1R43bDohYpiuNORrppWhC1boZdv07yPaeaxxl58zXQmU1J0F:f43bDohY3O1ppgC1boZFun3/l58zgR+F
Score10/10-
Modifies firewall policy service
-
Modifies security service
-
Sets service image path in registry
-
Deletes itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-