General
-
Target
4f4661c95f28894e1d10ea647930a38b05a47d8a5d601bc4803b912574076ffb
-
Size
4.2MB
-
Sample
230125-m37sgahd71
-
MD5
d5f38c43c2b69a76a8cf277d55f8c23f
-
SHA1
2a20856f4ebcfbcd32acc990fa1f8656c93cc609
-
SHA256
4f4661c95f28894e1d10ea647930a38b05a47d8a5d601bc4803b912574076ffb
-
SHA512
74bf35d58c79e84b80879c9e0a11ddd80c894bd73a586a18bbd4955fa29a689ce620836af5ffccb915b1acaa379f563552e8153b1b7a9ed5536ff97d2db06fb2
-
SSDEEP
98304:+QH9DqCOTnfsMTHs/SU0koWPkt/OOGKiXMDp1msQL+QOKVb07V0R:+Kjkf7THwfIxGKCMFkZRq0R
Static task
static1
Malware Config
Targets
-
-
Target
4f4661c95f28894e1d10ea647930a38b05a47d8a5d601bc4803b912574076ffb
-
Size
4.2MB
-
MD5
d5f38c43c2b69a76a8cf277d55f8c23f
-
SHA1
2a20856f4ebcfbcd32acc990fa1f8656c93cc609
-
SHA256
4f4661c95f28894e1d10ea647930a38b05a47d8a5d601bc4803b912574076ffb
-
SHA512
74bf35d58c79e84b80879c9e0a11ddd80c894bd73a586a18bbd4955fa29a689ce620836af5ffccb915b1acaa379f563552e8153b1b7a9ed5536ff97d2db06fb2
-
SSDEEP
98304:+QH9DqCOTnfsMTHs/SU0koWPkt/OOGKiXMDp1msQL+QOKVb07V0R:+Kjkf7THwfIxGKCMFkZRq0R
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-