General
-
Target
55551ccb0bb48966669cc9d6e4e57879f8e63be37cf12f12891f20196b9df214
-
Size
4.0MB
-
Sample
230202-1bcd5sbb7y
-
MD5
de68328718e95b9e672f67e614cad67d
-
SHA1
413eeb068f4d715a6c2f14ddc7a8d98d12e896e9
-
SHA256
55551ccb0bb48966669cc9d6e4e57879f8e63be37cf12f12891f20196b9df214
-
SHA512
d07373a6aa46dff477b3c2262a24acfdca930d55465685e420641e188e1e58a94a4bd836ab4c1850b71ee27932ae251bc84d2493799114b2501033336156f619
-
SSDEEP
98304:L45PhrmySf+pyRbDe7H6WxSihTXpf3UczsRhT8rr:LAh5SGQRPe7a5inZzMQ/
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-