General
- Target: 7126a763a2d51ceb951ec1052d0dfb5b6ba8db93de83fe1dd717086c3eeece86
- Size: 4.1MB
- Sample: 230129-1bj4zsdd73
- MD5: 7e9af71969cb368649e2880aaba9f9f4
- SHA1: bca783382b09c854cf6ab719c0627fb45d2660b8
- SHA256: 7126a763a2d51ceb951ec1052d0dfb5b6ba8db93de83fe1dd717086c3eeece86
- SHA512: 6c3440315202f63fe101f8d38305fc6194aa7254e52900c72646ed4fcbfec9142db539adb666ab59202bae8efc5a8e1e7ec500bf0f639653b13443e33fdc093e
- SSDEEP: 98304:5DuoQsO6tP6jPuZhekZZnBMvh/lzshv+1VnZxM:tuEftOEDrnwrzs5MBc
Static task
static1
Malware Config
Targets
- Target: 7126a763a2d51ceb951ec1052d0dfb5b6ba8db93de83fe1dd717086c3eeece86
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2