General
Target: aad72da04417c968cde7b4923ca02f0e72a4a7570bf040eec3abcb631eef91ea
Size: 4.0MB
Sample: 230130-rsqtesaf89
MD5: 0b133628104f6b09b607523c29bd01cb
SHA1: 4be4a52572c8e725675ed9d38fe21590eeda9713
SHA256: aad72da04417c968cde7b4923ca02f0e72a4a7570bf040eec3abcb631eef91ea
SHA512: 21a9aef90199d7cd00f9ae9002f33e4d8a3c8e4665f29899e4fb532ab84217b0048a6f6e62ebc6d1c0e4e8d9e0793e5119079683ca911875944bbfa338e5273a
SSDEEP: 98304:WsiY6kZgb9Ciqw+IQRLQvn3VpgexCU2wEHV:WsVJZ0MiqrIwLQvnXgdF1
Static task
static1
Malware Config
Targets
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Modifies Windows Firewall
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2