General
Target: C70D8D5544DE83D88ABA62CFE7F8C799.exe
Size: 4.0MB
Sample: 230203-1dnj7aef51
MD5: c70d8d5544de83d88aba62cfe7f8c799
SHA1: 16f4f5dba14fe5b1d037fa427d50ed55d64967b8
SHA256: b97e7f0624d136536589540acf7dfce59f7b8f08af5e720ab7d4d2e1da7000cc
SHA512: 0af3392ebfc89df75a0785d4cccf7b10df73cb2fdce6be7e4177a89152fdfed61df2feb8435d3c174943d32949db74acda25125922c009fbb2012d5d35dfa860
SSDEEP: 98304:v8dodhtYG03voWFg2nOkS9XHodYqODR4G372YmH+TNf9BU6:v8doLtH0/bg2OkS9XHodYqMRfL2YmIbP
Static task: static1
Behavioral task: behavioral1
Sample: C70D8D5544DE83D88ABA62CFE7F8C799.exe
Resource: win7-20220812-en
Malware Config
Targets
Target: C70D8D5544DE83D88ABA62CFE7F8C799.exe
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: rootkits can use kernel patching to embed themselves in an operating system.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2