General
- Target: b254880e502ede02a8e241c6e333f7d986652b98693d362ebdcef060c187adfd
- Size: 4.1MB
- Sample: 230201-gq8lcacb22
- MD5: 8f1daeb861fa53af502b57d7ebd16d04
- SHA1: 75ae757418b70646eb0b37f460881cab8ef92cba
- SHA256: b254880e502ede02a8e241c6e333f7d986652b98693d362ebdcef060c187adfd
- SHA512: c6794108e97ff736071b18b20e5900def2bb41c9d52686b622d41291d92bc0a17a021e05dd225fc73f2a64c6ba3c5a01f77b48fa94fad98d4699ac853bb32e6d
- SSDEEP: 98304:tQ5RaRg3XrWNRbKONOhs9MJlnsBwQGIGFXO:tQ58OHrWWONOhfQGI7
Static task
static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext