General
Target: e4d676209751a983d57b71c107a04b87e85777011b01760fa886dd21a7fd45c8
Size: 4.1MB
Sample: 230201-gkw1csdh7z
MD5: 22cee26ca4443b37c17f55477a6fa8c9
SHA1: c9693cc022c953c02c3c6289886e6a35f65905a0
SHA256: e4d676209751a983d57b71c107a04b87e85777011b01760fa886dd21a7fd45c8
SHA512: a1dd2dd31f0e9d3678f53eeb35cf05e471abe63facf6618ba70e9993df978e706376dfe9927fd414c8f3b21b645a225fe49eee0b6ac51fd2113c83682ab89663
SSDEEP: 98304:tQ5RaRg3XrWNRbKONOhs9MJlnsBwQGIGFXZ:tQ58OHrWWONOhfQGIs
Static task
static1
Malware Config
Targets
Target: e4d676209751a983d57b71c107a04b87e85777011b01760fa886dd21a7fd45c8
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext