General
Target: 3e87b7dda93ee02678a9c1dd39bbd3b0d56c96c60952a1d6c3390374d35c7c21
Size: 4.1MB
Sample: 230127-y246qsed5x
MD5: 5e995dec2c74d50812aceea4de782f51
SHA1: 128710317ac7b528030236488b529fe8063a6e8a
SHA256: 3e87b7dda93ee02678a9c1dd39bbd3b0d56c96c60952a1d6c3390374d35c7c21
SHA512: fc4db5c1a1db19990e6e169f546651f53ef85e9cfa1d0b386a34501299bc7f06b8df6db59cf95df3d49c687f7f89c37772cc11fc52c3e070efa89d40037ec8cd
SSDEEP: 98304:hRw5XPUe62fG7d7Rik3k6ckpmwz5Om7s4kk4cXF15DFwPVf:hR076J7ddik3Vjv44Z4cX75Ef
Static task
static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2