General

Target: e41c52a797ec62f8aec6b9ea034e021f4a982f6103925e830ab2be0c20495c42
Size: 4.1MB
Sample: 230201-vapeescf7x
MD5: 246ef63ee1a1b2f890fd93318a6129e2
SHA1: 14cd7f019108c9849e5de80ce497c94e0d64ded6
SHA256: e41c52a797ec62f8aec6b9ea034e021f4a982f6103925e830ab2be0c20495c42
SHA512: 406ff285e37dd0c2ccbbcbd83612d5932b382eeb401d85a35ddd345bdd8ae838dd1a510f5b550b686abdbe4de4d990a8942f63ac838ffbc4949234b47a89f8f8
SSDEEP: 98304:L7TfzaiHcQ3VRXxSozCr0smNhcqJFcdmFhzqZJOwslPcviz2SB:L7Tfz133XxSozCLmNhIdmFgL20viHB
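To check whether a file you hold is the sample described by the hashes above, compute the same four digests and compare them. The helper below is an added example, not part of the report or of any sandbox's own code; the expected values are copied from the report, the SSDEEP fuzzy hash is left out because it needs a third-party library, and the byte strings used in the usage call are constructed test data. The verdict is keyed on SHA-256, since MD5 and SHA-1 are collision-prone and a match on them alone is weak evidence.

```python
import hashlib

# Hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "246ef63ee1a1b2f890fd93318a6129e2",
    "sha1": "14cd7f019108c9849e5de80ce497c94e0d64ded6",
    "sha256": "e41c52a797ec62f8aec6b9ea034e021f4a982f6103925e830ab2be0c20495c42",
    "sha512": "406ff285e37dd0c2ccbbcbd83612d5932b382eeb401d85a35ddd345bdd8ae838"
              "dd1a510f5b550b686abdbe4de4d990a8942f63ac838ffbc4949234b47a89f8f8",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory file with the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digest a file on disk in chunks so a multi-megabyte sample is not read whole."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(digests: dict, report: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison against the report (case-insensitive hex)."""
    return {
        name: digests.get(name, "").lower() == expected.lower()
        for name, expected in report.items()
    }


def is_reported_sample(digests: dict, report: dict = REPORT_HASHES) -> bool:
    """Treat the file as the reported sample only when SHA-256 agrees;
    MD5/SHA-1 agreement alone is not trusted because both are collision-prone."""
    return match_report(digests, report)["sha256"]


if __name__ == "__main__":
    # Constructed input (not the real sample): it must not match the report.
    probe = hash_bytes(b"MZ constructed test bytes, not the sample")
    print(match_report(probe), is_reported_sample(probe))
```

Point `hash_file` at a suspected copy and pass the result to `is_reported_sample`; the per-algorithm dictionary from `match_report` is useful when only one hash type was shared with you.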
Static task: static1
Malware Config: none listed
Targets

Target: e41c52a797ec62f8aec6b9ea034e021f4a982f6103925e830ab2be0c20495c42
Size: 4.1MB
MD5: 246ef63ee1a1b2f890fd93318a6129e2
SHA1: 14cd7f019108c9849e5de80ce497c94e0d64ded6
SHA256: e41c52a797ec62f8aec6b9ea034e021f4a982f6103925e830ab2be0c20495c42
SHA512: 406ff285e37dd0c2ccbbcbd83612d5932b382eeb401d85a35ddd345bdd8ae838dd1a510f5b550b686abdbe4de4d990a8942f63ac838ffbc4949234b47a89f8f8
SSDEEP: 98304:L7TfzaiHcQ3VRXxSozCr0smNhcqJFcdmFhzqZJOwslPcviz2SB:L7Tfz133XxSozCLmNhIdmFgL20viHB
Signatures

- Suspicious use of NtCreateUserProcessOtherParentProcess
  Creates a process whose recorded parent is a process other than the caller (parent PID spoofing through the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute), so process-tree based detections see a misleading lineage. MITRE ATT&CK T1134.004.
- Executes dropped EXE
  Runs an executable that the sample itself wrote to disk during the analysis.
- Modifies Windows Firewall
  Changes the Windows Firewall configuration, typically to permit its own traffic or exempt its own files. MITRE ATT&CK T1562.004.
- Adds Run key to start application
  Writes a value under a Software\Microsoft\Windows\CurrentVersion\Run key so the application is started at logon. MITRE ATT&CK T1547.001.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system (often used to spot security products or analysis tools). MITRE ATT&CK T1518.
- Legitimate hosting services abused for malware hosting/C2
  Network traffic goes to a legitimate hosting or web service, so payload delivery or C2 blends into traffic to a reputable domain. MITRE ATT&CK T1102.
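Several of these signatures map directly onto endpoint telemetry, and the following added example (not code from the report or from any sandbox) shows the detection logic run over a few constructed Sysmon-style events: a dropped .exe later executed, a Run key write, a `netsh advfirewall` invocation, and a DNS query to a legitimate hosting service. The event records, the hypothetical watch list of hosting domains and all paths are assumptions invented for the demonstration. The Uninstall key enumeration and the spoofed-parent process creation are not covered here: Sysmon does not log registry reads, and the parent shown in a process-creation event is the (possibly spoofed) parent the kernel recorded, so neither is visible from these fields alone.

```python
import re

# Constructed, simplified Sysmon-style events (not telemetry from the report).
# Event IDs follow Sysmon: 1 process create, 11 file create,
# 13 registry value set, 22 DNS query.
SAMPLE_EVENTS = [
    {"id": 11, "image": r"C:\Users\alice\Downloads\e41c52a7.exe",
     "target": r"C:\Users\alice\AppData\Local\Temp\svc_upd.exe"},
    {"id": 1, "image": r"C:\Users\alice\AppData\Local\Temp\svc_upd.exe",
     "cmdline": r"C:\Users\alice\AppData\Local\Temp\svc_upd.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"id": 13, "image": r"C:\Users\alice\AppData\Local\Temp\svc_upd.exe",
     "target": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\SvcUpdate"},
    {"id": 1, "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="SvcUpdate" dir=in '
                'action=allow program="C:\\Users\\alice\\AppData\\Local\\Temp\\svc_upd.exe"',
     "parent": r"C:\Users\alice\AppData\Local\Temp\svc_upd.exe"},
    {"id": 22, "image": r"C:\Users\alice\AppData\Local\Temp\svc_upd.exe",
     "query": "cdn.discordapp.com"},
    {"id": 22, "image": r"C:\Windows\System32\svchost.exe",
     "query": "ctldl.windowsupdate.com"},
]

# Assumed watch list of legitimate services frequently used to stage payloads
# or relay C2. A hit is a lead for an analyst, not a verdict on its own.
LEGIT_HOSTING_WATCHLIST = {
    "cdn.discordapp.com", "pastebin.com", "raw.githubusercontent.com",
    "transfer.sh", "drive.google.com", "dropbox.com",
}

RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)
FIREWALL_CMD_RE = re.compile(r"\bnetsh(\.exe)?\s+advfirewall\b", re.I)
FIREWALL_KEY_RE = re.compile(r"\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)


def _watchlisted(host: str) -> bool:
    host = host.lower()
    return host in LEGIT_HOSTING_WATCHLIST or any(
        host.endswith("." + d) for d in LEGIT_HOSTING_WATCHLIST)


def detect(events):
    """Return a list of (signature, detail) tuples for an ordered event stream.
    The 'dropped' map carries state so an .exe written earlier can be matched
    when it is later executed."""
    hits = []
    dropped = {}  # lowercase path of written .exe -> image that wrote it
    for ev in events:
        eid = ev["id"]
        if eid == 11 and ev["target"].lower().endswith(".exe"):
            dropped[ev["target"].lower()] = ev["image"]
        elif eid == 1:
            img = ev["image"].lower()
            if img in dropped:
                hits.append(("Executes dropped EXE",
                             f"{ev['image']} was written by {dropped[img]}"))
            if FIREWALL_CMD_RE.search(ev.get("cmdline", "")):
                hits.append(("Modifies Windows Firewall", ev["cmdline"]))
        elif eid == 13:
            if RUN_KEY_RE.search(ev["target"]):
                hits.append(("Adds Run key to start application", ev["target"]))
            if FIREWALL_KEY_RE.search(ev["target"]):
                hits.append(("Modifies Windows Firewall", ev["target"]))
        elif eid == 22 and _watchlisted(ev["query"]):
            hits.append(("Legitimate hosting services abused for malware hosting/C2",
                         f"{ev['image']} -> {ev['query']}"))
    return hits


def signatures(events):
    """Distinct signature names fired by the stream, sorted for stable output."""
    return sorted({sig for sig, _ in detect(events)})


if __name__ == "__main__":
    for sig, detail in detect(SAMPLE_EVENTS):
        print(f"{sig}: {detail}")
```

The firewall rule is caught both by command line (`netsh advfirewall`) and by writes under the FirewallPolicy registry path, because a sample that uses the COM or WFP interfaces instead of `netsh` still lands in the same policy keys.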