General
-
Target
490b9d877f867a1a066b50b9c056e1214349662ef50caeff087451178ede8c52
-
Size
4.0MB
-
Sample
230130-t6bmrscg4x
-
MD5
48a398c05d29c7f3cef396533899ebf5
-
SHA1
5a3577c0131fe4109d106029caa97a21baf475d7
-
SHA256
490b9d877f867a1a066b50b9c056e1214349662ef50caeff087451178ede8c52
-
SHA512
df18b77377531b0f0c4db8b06b13574dde7b157e6436e0d3c93acb55d73c3210d2d9179cdea6e7c9ff14f61811ac48ddb2d6852d60ac3ec01248fa2edb36e000
-
SSDEEP
98304:L8SxEMsATykk9xhicc7qAaDdR1QU+EGtSCf87Fd+372d37qm:oSAVCWAaDdR1GJSW8JI+n
Static task
static1
Malware Config
Targets
-
-
Target
490b9d877f867a1a066b50b9c056e1214349662ef50caeff087451178ede8c52
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-