General
- Target: fa9a0672fd81e63b2970438e66c4f50450028f651356862b34bcc0015eb7d03b
- Size: 4.1MB
- Sample: 230201-g45rlsea5w
- MD5: c4bc58ea409dee51e4c1ef8de4402500
- SHA1: 6d97fc495376afd885a4c80c746062fbce2f50f2
- SHA256: fa9a0672fd81e63b2970438e66c4f50450028f651356862b34bcc0015eb7d03b
- SHA512: be83d67d2da9cd095c15050e7242583f93dadfa3be9a97296edd97da934a5bb2a29675a3817f003bc25212557837b9266e44ff8fac042fcf1773b650029d89ef
- SSDEEP: 98304:u3xVCXxo1Kmw3N5BZbayOSHcghKLze3Q26NR7:u3xVCXi1KmwdBT9XKXewNR
Static task
static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2