General
- Target: 549e4d4a190c573cbdd09aa7b86fceed816ab66cd73b4a5ca03ed5a7721ba371
- Size: 4.1MB
- Sample: 230131-m5l9jshg9z
- MD5: b686cd8125ed80c7811b72ab16c28e2b
- SHA1: 90a794e4d4f5af544b1344bfbb06797a11a89f4f
- SHA256: 549e4d4a190c573cbdd09aa7b86fceed816ab66cd73b4a5ca03ed5a7721ba371
- SHA512: f9976a2e3520c6eff80cbd4699c07a5678f6f679078897c3ac0ec894826b8f40e466389b22a6b2aad15e5831ceb3c9b00008b81064a83af0e4d29dbdaa3bc14b
- SSDEEP: 98304:+DRa9t52alR+zGMAoLvfaiYMIKqODq2EVBfHX0VJ3VKrlSPNB1rpWSzl:+NAkab+zl1vfj1dbEVpEzlqSz1N
Static task
static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2