General
-
Target
38290c8781ba0dbfb2dafe53157ba533f5b0f095e016ba9aab9422cea8ee3d0d
-
Size
4.1MB
-
Sample
230131-y8l9hacb4v
-
MD5
2615281f81d30ae643de9e87b4a06936
-
SHA1
7289561d3a8ce218479217794ab2a5cd0389d7de
-
SHA256
38290c8781ba0dbfb2dafe53157ba533f5b0f095e016ba9aab9422cea8ee3d0d
-
SHA512
192d5c219f2649c521c818dc25bc0e90312d6a152106e36bfdf595a096cfc808b97ef4947afa21bf4d15f7de1ee5007ac3de6af39d5e0e624e371ce27a1a47b9
-
SSDEEP
98304:6AZs8Is3Ux2NclzGImsasArZdP5jvcsL4HZWx/5pqT/8:Z6sjNclzGImsasAddPZ1O+r
Static task
static1
Malware Config
Targets
-
-
Target
38290c8781ba0dbfb2dafe53157ba533f5b0f095e016ba9aab9422cea8ee3d0d
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-