General
Target: e40d880a4974312aadd69a7a37c1732c72717a75efe8953cb3dfe7c7c408da09
Size: 4.1MB
Sample: 230201-j9y75aed4y
MD5: 34d1ddc92085453787e20a208ed60bb9
SHA1: 2b045226390ecd7b8b367ead301daee3a61ec9f5
SHA256: e40d880a4974312aadd69a7a37c1732c72717a75efe8953cb3dfe7c7c408da09
SHA512: 529ca05da4040b0ea84996fe26e1d1aa07c2c398cb0ccfe1f325e02a833015c2fd1392dab9e65364e542b81b2cce788e30924dec424c979fdf68e8bfd5f5e21b
SSDEEP: 98304:FGlg+U/Ft9Vv1UNKIcgi6b5UsbqQr0xHyWAS22fdE5Ypkk3tjk:FG2DvCL+K7bq9xfRpkAg
Static task
static1
Malware Config
Targets
Target: e40d880a4974312aadd69a7a37c1732c72717a75efe8953cb3dfe7c7c408da09
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Modifies Windows Firewall
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2