General
-
Target
269b572e92af7f699e73729447572395d70f4028b0d4b072afa623c2dc32f1c0
-
Size
4.1MB
-
Sample
230129-r8syqada21
-
MD5
e50392861868cfecc1922c2a250395c7
-
SHA1
020a922861dd7b9fc290199c2e4a34b132ca4199
-
SHA256
269b572e92af7f699e73729447572395d70f4028b0d4b072afa623c2dc32f1c0
-
SHA512
fc11df9f40159d55c62383c85d147cb1ef4b361457185c12b9dc1d498d1450437ac12254ec944bd712526acf0a5f707dd00c311b87fee7bfb0b71083b00ca98f
-
SSDEEP
98304:Le/yNGDe2t1fm1xky6kLiWwDldOXe8InTkCgkDQiSE:66CLVm1xky6kIDldQonUQ/
Static task
static1
Malware Config
Targets
-
-
Target
269b572e92af7f699e73729447572395d70f4028b0d4b072afa623c2dc32f1c0
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-