General
-
Target
90a8411f5ab48e6c75859e2ee3ac77b07745956a9a4636a811cc1081dbaef624
-
Size
4.2MB
-
Sample
230127-q8eknabd85
-
MD5
238c5f5fb9b0b6d328a75f4231166f6a
-
SHA1
2468b2e5bc21a1ba4399218d198b564b543db426
-
SHA256
90a8411f5ab48e6c75859e2ee3ac77b07745956a9a4636a811cc1081dbaef624
-
SHA512
522037a2590380dcd74d9c4ce20a8ba1f437a5973d3bb850d6a8a393db37b4b6c488c68359090d467450a6d1d0bb18f8adb73b23436022775338c9e81a1f045b
-
SSDEEP
98304:xWNB1CbqzpS91CEidw2BD2iflouVXpE4+4aRUCF9G2:O1oM8XidBT9oI53raRd
Static task
static1
Malware Config
Targets
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-