General
-
Target
73ca1b883ca651b3d6274fa35701ba864610ec6a0b3b0e35be72d76b82406766
-
Size
4.1MB
-
Sample
230129-j3f3zage8y
-
MD5
44c03bb7d52b9414de6e45ca11ce794c
-
SHA1
4cc89bb374a6248cfc28be86f4202bb7d3e49cd7
-
SHA256
73ca1b883ca651b3d6274fa35701ba864610ec6a0b3b0e35be72d76b82406766
-
SHA512
71e8d7a831a48d2fe04c8e87a8e59942d6c179437466038e82dd16f1bff5bce60f6523fd2120f1987b1fc0a9c3e9a273ffcf2b9366ecbaf148dbd9e7425e920f
-
SSDEEP
98304:k5yI0SOgapeVXm3qHpKY0heUlhvM2rnyIPCcNWYl06mRSl:kP0ngHXPHpD0U6nBPss
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-