General
Target: 1c920f4a55e89e7cc559fcd880000aeb685f4444d4b7d40614e9f27de7979254
Size: 4.1MB
Sample: 230129-r8cazabe92
MD5: b358ee0d852701c5a0d570217176317f
SHA1: 011d69ee458ee6bb7b16867c97afe285abb2fe2c
SHA256: 1c920f4a55e89e7cc559fcd880000aeb685f4444d4b7d40614e9f27de7979254
SHA512: ed3f1dfd6bc4da6b83ab7648e89e76c2fbf4aa0b29287dfe0b772123643458fea9fd9fe18103deab6cdb42067859133e9f87ae406495e476fc527c7befc33dc4
SSDEEP: 98304:Le/yNGDe2t1fm1xky6kLiWwDldOXe8InTkCgkDQiSw:66CLVm1xky6kIDldQonUQX
Static task
static1
Malware Config
Targets
Target: 1c920f4a55e89e7cc559fcd880000aeb685f4444d4b7d40614e9f27de7979254
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.