General
-
Target
02c43a6420cfc7f354f3bebd506f1e2b5c3e6786496b7c89e869b221d19914db
-
Size
4.1MB
-
Sample
230131-t6dgcsba2y
-
MD5
339af15ed707e34ad1d48b2317ed349d
-
SHA1
4018e91e2bef9dc454ff9b5b871bed293fa32fd5
-
SHA256
02c43a6420cfc7f354f3bebd506f1e2b5c3e6786496b7c89e869b221d19914db
-
SHA512
5cb7e27969d67bef34fb4597b21748eeac649e31bf3a006ab7c8b0cfd3758a6973644bbe63b60fe99601207a83e19cd44af579024209371585e6ddef19d9e1cb
-
SSDEEP
98304:Kc0lgzThpRURyzY9KY+mJv0mTjHZari0FPpVBeRxQa:Kc0WpaAzY9KY+K1TjHZ30dpzcT
Static task
static1
Malware Config
Targets
-
Target
02c43a6420cfc7f354f3bebd506f1e2b5c3e6786496b7c89e869b221d19914db
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-