General
- Target: 128aede417aaef0eb82551c65333eeccb2664c036b98293cd4202fe056a21df9
- Size: 4.0MB
- Sample: 221129-q279dseb86
- MD5: 72b378c72d0fc9176c96a69d4ea7a965
- SHA1: 34985a7b6a36b45ea74744e9edaec3866bb9731d
- SHA256: 128aede417aaef0eb82551c65333eeccb2664c036b98293cd4202fe056a21df9
- SHA512: 3348754817a631c8839be0662ea60b7e5b9f928352b3f0bd7419e59c1b6ec21d329ac44f7522b5583f92d1f063dd4c48eeb5f67b3bac145c0dc5189f89ec06bf
- SSDEEP: 98304:sr5WBbM4/UgykGxAEmn40zHMO2hC5J7yOhyeFPcpoXqAN1ZXmGpk:sr56MRgykG1c4wUhC55yOTxcpTeZXrS
Static task
static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2