General
Target: 88ca5429f665c844b2b0f7f5ea14feae7934d2f9e8040f86418085fb4af429a6
Size: 4.1MB
Sample: 230201-qt543agf39
MD5: 917ac10f7baa41838c8f2af94496efba
SHA1: 35a35dbeb38dfd54204cdba3b504bd437acf0e8e
SHA256: 88ca5429f665c844b2b0f7f5ea14feae7934d2f9e8040f86418085fb4af429a6
SHA512: 9ab86a3f1bf0cacca4bb86e0185c148edee2cfd8fbb16724a5a1829614e3b473d041153feb25a05c87d84b2027d2b21db287fd233361881239a0362d569da6b2
SSDEEP: 98304:H6fyeZOkSsXCJDxp7vbPmU2t0bQU77LS5iWoBjdXw1FywH41vk:H6f3ZOkSsSJbX2t0b177m5v4jG1FTR
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-