General
Target: 1d12e2a1af0e041106a113a75df76c4d781000b23083f82e7022a51009ed449f
Size: 4.1MB
Sample: 230129-whpwlagb47
MD5: 959ed9bedd1c232100902cd07f81f676
SHA1: a44a89ada89c160dffcbfd37c1271442009adb81
SHA256: 1d12e2a1af0e041106a113a75df76c4d781000b23083f82e7022a51009ed449f
SHA512: a2b309d3112565965cdc6983e81f304cb7399cadc10142da2c439722808e7cec82631715156fd9afc8c217aee8d406d31897cc0fdb396ff869cda1217cf4d984
SSDEEP: 98304:U0NbFUIu/8w08IEUP9yX5i9T1xEzZWg0QTa/Bcc6a0W1Lpw:Umi/8pxEUC6TfBcBafc
Static task
static1
Malware Config
Targets
Target: 1d12e2a1af0e041106a113a75df76c4d781000b23083f82e7022a51009ed449f
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2