General
Target: e9f21ac6affa12efe0337ed20177e31de757fe918caa6ae2daa6301d9db3f1a4
Size: 4.2MB
Sample: 230125-mqewxshd5v
MD5: da1b80047a1dc944889f6f5dc02e2a0e
SHA1: d962371de654faf022e16dc79ff258e1335d9c23
SHA256: e9f21ac6affa12efe0337ed20177e31de757fe918caa6ae2daa6301d9db3f1a4
SHA512: 1d5dba2ec32bd8daaba23c9215d2dbac428537e8e9e63d62f57dbe67ecad88a147db0041cc129881dd7730050c0d5382c0f3627994232f95407f044c0de91ed3
SSDEEP: 98304:+QH9DqCOTnfsMTHs/SU0koWPkt/OOGKiXMDp1msQL+QOKVb07V0R:+Kjkf7THwfIxGKCMFkZRq0R
Static task
static1
Malware Config
Targets
Target: e9f21ac6affa12efe0337ed20177e31de757fe918caa6ae2daa6301d9db3f1a4
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2