General
Target: 242df16f7569887eae8bbe57edfd98caeac90f1ad052dca7c979113108e4f2d6
Size: 4.1MB
Sample: 230131-zl81esad47
MD5: 3ec06461bc2ac71dab2701ade11fc725
SHA1: 1605219848e21a17b48d9891cb26e260d63389d6
SHA256: 242df16f7569887eae8bbe57edfd98caeac90f1ad052dca7c979113108e4f2d6
SHA512: 5ef4d8633033001679ad7770bddd43100172e32f6324fe143d457ae4c5abfe9bc4ac0b9d553d79aa592ffddf3458665167af05e1c19fde2cc83251495253c99f
SSDEEP: 98304:T0y0T34jPqe76AqYiv3nwU59HFBsbXEX7+AZCZV6PW66a:YD32XE3dJFqbXoCD6Pp
Static task
static1
Malware Config
Targets
Target: 242df16f7569887eae8bbe57edfd98caeac90f1ad052dca7c979113108e4f2d6
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.