General
-
Target
240db41d5678cbce4db15228887f108be54fc3c72bf276d2535e24ea491db149
-
Size
4.1MB
-
Sample
230201-rbslpabh3x
-
MD5
bb4d4c13225a9797c5d620027be6dffa
-
SHA1
704f0a5433dae2f3eb8b81ca4faebbbd8b2d41da
-
SHA256
240db41d5678cbce4db15228887f108be54fc3c72bf276d2535e24ea491db149
-
SHA512
fa2ee49fba40edd7dcb9305e59b1184110bfb62f8e45bd32b5a28bf31a4572a5c3664aba14527e8e5d7db94eeaff8a422095e40d03cd116c19c4da9ddf0cc8b8
-
SSDEEP
98304:rvqB+6jdfdhFMmq0uT7/qws8A+llDgKWz/4694Cma:rvOLsm8Gws0lDNwX94C1
Static task
static1
Malware Config
Targets
-
-
Target
240db41d5678cbce4db15228887f108be54fc3c72bf276d2535e24ea491db149
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-