General
-
Target
93e144ed8fc087a2cbac0bfb50ffa4ade32836336efeb251004c30068748fd26
-
Size
4.1MB
-
Sample
230201-mqfs8ach57
-
MD5
2db40507ba52e09a693e7eced2cd29bb
-
SHA1
1663f54780425f1677ad581ad29a72d8f3973c2d
-
SHA256
93e144ed8fc087a2cbac0bfb50ffa4ade32836336efeb251004c30068748fd26
-
SHA512
2f199b453d7f02c96465727727f9998c6200c0f6c5e7b84e5908587e8d4a0182b6e16052cf0e98c54312fb162e44089d2719d97adea35e301fb23a06e60690e2
-
SSDEEP
98304:TN5l3z415iJicY9WHt2FLXUjMp9uGF83nwdR:TN51rwcYIEFzUjMp0Gm3nUR
Static task
static1
Malware Config
Targets
-
-
Target
93e144ed8fc087a2cbac0bfb50ffa4ade32836336efeb251004c30068748fd26
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-