General
- Target: d77b1e5c51fc11484a7b9269a81645578be28671e7df7fa58b4c850f9853700d
- Size: 4.2MB
- Sample: 230127-se3rhadc5y
- MD5: ee291bc39e7ac5cc07bb0bb775865ff8
- SHA1: 4555bb489802462c01249c1c40874fc3dc564132
- SHA256: d77b1e5c51fc11484a7b9269a81645578be28671e7df7fa58b4c850f9853700d
- SHA512: 52687ac31e2bcbee56866694447b9df23106023797e44190667a41381ff5a7b02e72c2da506dd41ccbfd9aeb136218a22ae06e5d57611b1dafaec3661f61526d
- SSDEEP: 98304:wolgjhUfGhXaVNhvyKT9Ot2himH2rzcg5YwLW2j6H5/mGk:c6LVTtww07wY
Static task
static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.