General
-
Target
94e664bf0900cbee10ff9a8a014146713c9a9534969d7c2d32c35d6d44172a28
-
Size
4.0MB
-
Sample
221201-j5fj8aaa85
-
MD5
47a8a5bb877055edd0a38e66aca3bbce
-
SHA1
f4de6b8d24c44b500a528613a49b124d4594ccad
-
SHA256
94e664bf0900cbee10ff9a8a014146713c9a9534969d7c2d32c35d6d44172a28
-
SHA512
b28382156a2f17e3c44d896e9bcb36bd40f5932fd3dc039389311b4700980ab4ba769e824f47f4826c35cc30d8799d1a484433b37cb0707b1b32f42807602963
-
SSDEEP
98304:hoAWptSMcOpQAYw9jjKLF3d0f1csFgJEsrVW5MC6:hoAWnnlB9Xot2srVgM7
Static task
static1
Malware Config
Targets
-
Target
94e664bf0900cbee10ff9a8a014146713c9a9534969d7c2d32c35d6d44172a28
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.