General
-
Target
b50586b8be7701d3e87139ae951ea6b86394870b931dbec30379691d5bf20416
-
Size
4.1MB
-
Sample
230201-a7hmxsda9v
-
MD5
216348d1a6bfd229f076c7ff0b33ffab
-
SHA1
8c97e6a52f31b8da26f5a9708ab6c335ba92391a
-
SHA256
b50586b8be7701d3e87139ae951ea6b86394870b931dbec30379691d5bf20416
-
SHA512
c10076f51991a7eb92428d25a44623f14e473928c4bb2ebd8a5659878e29b2534f71071a5f08a4792b78c09f26ed7160390166293bc4b1eac9fcb241948d4299
-
SSDEEP
98304:rPiG3d5il2l8pCrcfzNlt7+i6I2BiezZYW9Jlak7JC:rPd0l2GpC4plgE43YW9JIF
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2