General
- Target: 350393a79bc5ea8f2ea8604df647f0b4e6818ed53f0a0163d32ae21a5692cff4
- Size: 4.1MB
- Sample: 230127-vp8rlsdf8w
- MD5: a227cab756cc7c78af2a32710ba87d02
- SHA1: d88c471e8b2cd37ffabf7e6460b9e2ac48f42e71
- SHA256: 350393a79bc5ea8f2ea8604df647f0b4e6818ed53f0a0163d32ae21a5692cff4
- SHA512: f44ae4e21e99a0fbbf2c33134b4ebcb7c2cd15e693c902ad9a7697d43f798c704080511b970acc629edfa957d3439358dd9ff59ff5e3444ced63afff17c27ab2
- SSDEEP: 49152:Y01aXNTrvJAh35FmtfWfV9rgvkGy136MpbM2z6VaUOuFge56gKvUt/LlErQfC9ZI:c9nJgHm+qubM2zUajreHP+Ef+nUPX+Gf
Static task: static1
Malware Config
Targets
- Target: 350393a79bc5ea8f2ea8604df647f0b4e6818ed53f0a0163d32ae21a5692cff4
- Size: 4.1MB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General (same file)
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2