General
-
Target
208b9bce844a2f33d8cd090740fdc78a076666d1ff42890726870d2419083cf4
-
Size
4.1MB
-
Sample
230129-r5tqvach3t
-
MD5
5ebb79863958f627e5f07a2c34e01c4d
-
SHA1
13053a64ac412f75b7d2dd9e08ec6a65cd723654
-
SHA256
208b9bce844a2f33d8cd090740fdc78a076666d1ff42890726870d2419083cf4
-
SHA512
d6b113beb7d84d44b1188560eef01271a32c7dbcbcf753142581e91321d64fd062592e109625a992f3963dd1c226318437e1f22503f3e4c8c74881b0a7b651d3
-
SSDEEP
98304:Le/yNGDe2t1fm1xky6kLiWwDldOXe8InTkCgkDQiSo:66CLVm1xky6kIDldQonUQv
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-