General
-
Target
28785def6823922fe6fbff2ef34e215fbaaec2253d4fc44eb859b07d9c7b1739
-
Size
4.1MB
-
Sample
230201-t7q4vacf6w
-
MD5
cc3d64956333e837226f2970c7ddbef8
-
SHA1
844bb290e146935b6f482a889d5bccd2c892e8f2
-
SHA256
28785def6823922fe6fbff2ef34e215fbaaec2253d4fc44eb859b07d9c7b1739
-
SHA512
b975f7f8a2fdd51451b096391ac1bfcc76002abd0f55ed5163ee6607790a541872e51e35a4f29d2f7d87362bcd610f93043e20e1740785c0311c9e62ccc186d5
-
SSDEEP
98304:L7TfzaiHcQ3VRXxSozCr0smNhcqJFcdmFhzqZJOwslPcviz2Sa:L7Tfz133XxSozCLmNhIdmFgL20viHa
Static task
static1
Malware Config
Targets
-
Target
28785def6823922fe6fbff2ef34e215fbaaec2253d4fc44eb859b07d9c7b1739
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-