General
Target: bbdb536c732220ecdef39b497a41d62ff07bfd57842d1f2f61e642a087e5e515
Size: 4.1MB
Sample: 230128-jv3l1afh2w
MD5: d900801776499f1fa1de4b6a151da5a7
SHA1: c3539c0425ea64e2694486c3e4726e078ce473bb
SHA256: bbdb536c732220ecdef39b497a41d62ff07bfd57842d1f2f61e642a087e5e515
SHA512: 41387fb01f1d1d09ad2dd8a69844eae153abf7c153c945108002782debc2115077bdb18a1d0f3410253308bd2961f889e084166bf5ba1eab813c71fb3a4302f4
SSDEEP: 98304:2Dpb+9m8RDbKHP++ZVpbcRkaPx50KXTXa/b3:Sp83S/bcRJIKXTKj
Static task: static1
Malware Config
Targets
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Modifies Windows Firewall
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2