General
Target: ab025426a0b8f4a29275fd58f483b6b9171bad2724ce17cd57e08a10097de5eb
Size: 4.0MB
Sample: 230130-zagf2aec4x
MD5: 444e144fcd16e52b7ed4b9a55c31615f
SHA1: b8987c36c181cd0932613883c3032ffe6d3f7135
SHA256: ab025426a0b8f4a29275fd58f483b6b9171bad2724ce17cd57e08a10097de5eb
SHA512: b1fc359f6c381fe7b42553df66f96eb254520ff2fa3c2b4f11917cadba7bcc774ddd105c0fb43ee022265ad7dbde03bb565297dac569ed117a8b9d775b050bf0
SSDEEP: 98304:4bjq/455k7LKeNo7yESjt/llWE5I7+RajBYf/jIvLCsWXU1/vD9KlAne:mW/V7ui2sJlIyaXWrU+Dk1/xKane
Static task
static1
Malware Config
Targets
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Modifies Windows Firewall
Adds Run key to start application
Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.