General
-
Target
a4684443813e21936a8a82af834ae1988045b81e66ea34683837eaabc93d7b3a
-
Size
4.1MB
-
Sample
230128-apnq8afa2t
-
MD5
53a1250787f2da8bf39fc8669642228d
-
SHA1
0c2964c738d23f24c8bf53d0ee2c0f5ec5fc1595
-
SHA256
a4684443813e21936a8a82af834ae1988045b81e66ea34683837eaabc93d7b3a
-
SHA512
76f2f0575da2aa84e0a8973db4d45ba7a87563aa180bc5101b401ad4d588eb4c9f1fb62c74211a547086ec7a8daff68f2a0bdb885fcded52c770c7c25a92a23b
-
SSDEEP
98304:H5tCfexSqFjY6mzBi16X+LmEVaMYXj3VvVQ:ufeXdY6mzBiQrQ
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-