General
-
Target
3eaaa92e0c6331570718f0b650d8b4c0cd11fac8425a3897b655e37ea2dc0014
-
Size
4.1MB
-
Sample
230131-zg141scb9v
-
MD5
ede8db35d00c6ea266576e8712dbb8e6
-
SHA1
ee8ccf05c9b37b1f2a300b41c5f01e6403703472
-
SHA256
3eaaa92e0c6331570718f0b650d8b4c0cd11fac8425a3897b655e37ea2dc0014
-
SHA512
27b005daf10af0f77edafaa6cefeff128fb9563dff7c77f6ad777682fc64ea7d8b92c10e58835e3fa78db7ca51f540721baf08614fa3263777c8fac39245dcfc
-
SSDEEP
98304:40GP4TOarwWUQlPxYjIYoNuaXzNeEGaHLoxfgoS:pGP4TOarwlQl5Yj7aXzNeEGKoFw
Static task
static1
Malware Config
Targets
-
Target
3eaaa92e0c6331570718f0b650d8b4c0cd11fac8425a3897b655e37ea2dc0014
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-