General
-
Target
488275caac92ff5cd253b118ac94a4a8b95b91f5cbb93e98d60ac9a914c87250
-
Size
4.1MB
-
Sample
230201-m4tbgada27
-
MD5
b35cd48804c07cb07d039eb6fd366657
-
SHA1
ee226e01bf944b12aa20af9b770d65989a18e31b
-
SHA256
488275caac92ff5cd253b118ac94a4a8b95b91f5cbb93e98d60ac9a914c87250
-
SHA512
cfa9cc0a5bf73e777aacaee31319b6374f4417b119ad1eb9798d952d6d4a05b7d6ce318cc0833bc8024045174f4f1c2f7e0af774e74dc1bab183b7761978f97f
-
SSDEEP
98304:TN5l3z415iJicY9WHt2FLXUjMp9uGF83nwdg:TN51rwcYIEFzUjMp0Gm3nUg
Static task
static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2