General
- Target: 7b11c8ea8f3f80e9dfc24cbcb69bf01e0bb092347cb61140e06650aa58b92c2b
- Size: 4.1MB
- Sample: 230131-vm6jgahb89
- MD5: 1b5a7249ce4850973467f76c9129a405
- SHA1: c75c85828e2bb902854e6d68c44723c0e75dd675
- SHA256: 7b11c8ea8f3f80e9dfc24cbcb69bf01e0bb092347cb61140e06650aa58b92c2b
- SHA512: cf4b632ccfd537406ec675386202eeb725b6d25230290c5813d743bab8063335c4bdbd6522937e873fc86c339b61f49b555657a02999c803f0f570668ad1f875
- SSDEEP: 98304:dtaEBlqUcLEw7EmeMCmvkA4sReR/bTlPTaVxKd:XblqU6EwJAl2eFlPTaVK
Static task: static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2