General
Target: 3dafbbc3ae120a443723eb65c878648830a3e60ab3aa8de7c4a6f3edf14e421a
Size: 4.1MB
Sample: 230128-vpqk2afd58
MD5: a778f7836f33468337f140242c58f646
SHA1: d217a4913a71dc2f29bee6655b7da19a2cf080d5
SHA256: 3dafbbc3ae120a443723eb65c878648830a3e60ab3aa8de7c4a6f3edf14e421a
SHA512: 562d53064dfc6ea4f537c047e64b706fdb0689f5f5f4905e1ff1ff22ccb7ac5218af5dad3d9cbaee89692f6715c84698d1ca60011d9f7a2e8ebdf43ff1a01c2d
SSDEEP: 98304:SOqXoLnq2a4kzk80+Jgz05f0n5vgckPLYUCi3dhMgyJVieN9MZIehaGh6EFur6XD:S5Xinq3JIYJ40y5vVkPLNoVieN9MZPI4
Static task: static1
Malware Config
Targets
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2