General
- Target: 4dfcbc36a9e95e7d114260915dc903a143fc67ccd4d3a88d3bc7e061921fc6f2
- Size: 4.0MB
- Sample: 230130-j6ez3sbc8s
- MD5: da8dc095487d89b4b9d6c29108da2e4c
- SHA1: 9971f28b784bb1fc82fc7ffb3dc0c5b78e55bba6
- SHA256: 4dfcbc36a9e95e7d114260915dc903a143fc67ccd4d3a88d3bc7e061921fc6f2
- SHA512: cd509fb466c2ced3807116746838773638348ac8045c81bb6a199eca27f5fb689cb1f2f3e7fec9060174ec72149f6f134cb66383526dc2834171900ff86de927
- SSDEEP: 98304:bdt+18nXqWZnE2/iL11IaO/35A+TnnpixW3rw8nM2vL4vxvb:NXJqLETBAypiSw8zvcvp
Static task: static1
Malware Config
Targets
- Target: 4dfcbc36a9e95e7d114260915dc903a143fc67ccd4d3a88d3bc7e061921fc6f2
- Size: 4.0MB
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2