General

Target: b1570183eec0356db9569287186c8a8ba6109be96f04a930a2f01002f1e4105d
Size: 4.1MB
Sample: 230131-zk964aad45
MD5: 09aa80813c8251bd48ab59b836c45dc5
SHA1: d50e91b3a2d9b23f10b1eb1b80db4a6215c14960
SHA256: b1570183eec0356db9569287186c8a8ba6109be96f04a930a2f01002f1e4105d
SHA512: 5057b3666910bf2c5098bc43dba6b422d63e14ac6187a03a3e194769de5abc6c58dbff35aebb38fb61affed323c36f3b19fb0e64bde731a3cb0b67eaedde2a63
SSDEEP: 98304:T0y0T34jPqe76AqYiv3nwU59HFBsbXEX7+AZCZV6PW66j:YD32XE3dJFqbXoCD6PI
Static task: static1
Malware Config
Targets

Target: b1570183eec0356db9569287186c8a8ba6109be96f04a930a2f01002f1e4105d
Size: 4.1MB
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2