General
-
Target
68b596b78507f2715914793216e158d399f3b7b15d15b5d4fcb113b3dcf4950d
-
Size
4.0MB
-
Sample
221201-vfhttshd83
-
MD5
90cf0aba06fe5a07fe736010b6a23c68
-
SHA1
877e5d062a6d388103f0f4a774b652eb2d2da84b
-
SHA256
68b596b78507f2715914793216e158d399f3b7b15d15b5d4fcb113b3dcf4950d
-
SHA512
2e22741aa6176fcd6afc9ca465e4678a42a83730f3e834d4a21691839c2b9471ee943f91a642a7903cb7beea6e00e193fbc7bc43073c62b311da4c6eb51588d6
-
SSDEEP
98304:9GuwnOrIxzs2MUtqRe1j144Fc46eLvkZ8pfJ+1kyBEE/4rj11ijQQkBh:9kEHA144F3rJpxIBENjDijhkT
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-