General
-
Target
5b98faf3d4988c52e036de1d9588228048e16149a409fda0f84246c0b157c46d
-
Size
4.0MB
-
Sample
221129-zmpyyaeh47
-
MD5
b309073c669faa75d55bd89539adb830
-
SHA1
401b5f50c24974543dcf21c6e31c27c87a736799
-
SHA256
5b98faf3d4988c52e036de1d9588228048e16149a409fda0f84246c0b157c46d
-
SHA512
c821dc522fa7f6e871d90fb78e4cca6848c1b4ab26eecb7705f48be98a9c8367d32ffdd1128616ed00a086065e6c2358377a65e1bfe32a72f0d89abeeaf289c9
-
SSDEEP
98304:g8WZHtCZvpwqqrTLURS1viT/NOhUFXAGKLOZOAEWSHr3puMcF:g80Ht2h0TLUei/eLsOAE9wF
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.