General
Target: 4913d50250c9783d060cb536a370d8d6b9b1b70f408d61d4365c71ac9124088a
Size: 4.0MB
Sample: 230130-j61lsahf97
MD5: 55b4f375cd322d9b76e732bfeb531020
SHA1: 3e8fa5cf2d9bbf7f6f87d0b0b94291684221df1e
SHA256: 4913d50250c9783d060cb536a370d8d6b9b1b70f408d61d4365c71ac9124088a
SHA512: 55a85b124db978d9249c84a2aca3cdb5bf52591cc65917b884ac0e7d0b973dc88bd831bc4386231f2041ba2fcd359d8a1e9dfda91131b3bb7612b1351fc24167
SSDEEP: 98304:bdt+18nXqWZnE2/iL11IaO/35A+TnnpixW3rw8nM2vL4vxvY:NXJqLETBAypiSw8zvcv+
Static task
static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2