General
- Target: 3a700dd0139c0e609368845bc4cdc40c7ad05e49179e625db7dbd8f645552e40
- Size: 4.0MB
- Sample: 230203-252fssbf53
- MD5: 657a969aa0a9e0014ab2ca1ea5c3bace
- SHA1: 31c7bb5e1cb5004969683cc1c887364cd209b7c4
- SHA256: 3a700dd0139c0e609368845bc4cdc40c7ad05e49179e625db7dbd8f645552e40
- SHA512: d9ad2f91853632de99af9075a96c7edf5a8969dc8b1a7b80eebb9d55ee60dcc9357900a1f2bf3a00d52e5adea3bf3ba89e02cd5f2684d2536f081ef1997f4f75
- SSDEEP: 98304:oadrehQaVykHG5G8qJbbLy/KsRKH9PPtryq1x+qpmvPEiezmMwQk4XA:BdCqXkm53ULySs8H3f1x+qIQzmMwQFXA
Static task
- static1

Malware Config

Targets
- Target: 3a700dd0139c0e609368845bc4cdc40c7ad05e49179e625db7dbd8f645552e40
- Size: 4.0MB
- MD5: 657a969aa0a9e0014ab2ca1ea5c3bace
- SHA1: 31c7bb5e1cb5004969683cc1c887364cd209b7c4
- SHA256: 3a700dd0139c0e609368845bc4cdc40c7ad05e49179e625db7dbd8f645552e40
- SHA512: d9ad2f91853632de99af9075a96c7edf5a8969dc8b1a7b80eebb9d55ee60dcc9357900a1f2bf3a00d52e5adea3bf3ba89e02cd5f2684d2536f081ef1997f4f75
- SSDEEP: 98304:oadrehQaVykHG5G8qJbbLy/KsRKH9PPtryq1x+qpmvPEiezmMwQk4XA:BdCqXkm53ULySs8H3f1x+qIQzmMwQFXA
- Suspicious use of NtCreateUserProcessOtherParentProcess: a process was created with a parent other than the caller (parent process spoofing), so the recorded parent of the new process is not the process that actually started it.
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
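The signatures above are sandbox verdicts; on an enrolled host the same behaviours have to be confirmed from endpoint telemetry. The following is an added example, not code from the sandbox or this report, that maps four of the listed signatures onto Sysmon-style events (Event ID 1 process create, 10 process access, 11 file create, 13 registry value set). All paths, the `upd` rule and Run value name, and the event records themselves are constructed for illustration and are not telemetry captured from this sample. The parent-spoofing check is a heuristic: Sysmon records the spoofed parent, so the only trace of the real creator is the earlier handle open with the PROCESS_CREATE_PROCESS right (0x0080), and any later child of that target will also match. The "Checks installed software" signature is deliberately not covered, because Sysmon has no registry-read event; reads of the Uninstall key show up only in a Procmon or sandbox API trace.

```python
"""Confirm the report's behavioural signatures from Sysmon-style host events.

Added example for this page, not code from the sandbox or the report. Records use
Sysmon EventData field names; the events below are constructed for illustration
and are not telemetry captured from this sample.
"""
import re

# Access right a process must hold on the target it names as the spoofed parent
# via PROC_THREAD_ATTRIBUTE_PARENT_PROCESS when calling NtCreateUserProcess.
PROCESS_CREATE_PROCESS = 0x0080

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
FIREWALL_RE = re.compile(r"\bnetsh(\.exe)?\b.*\badvfirewall\b", re.I)

# Hypothetical paths used by the constructed events (not from the sample).
SAMPLE = r"C:\Users\u\AppData\Local\Temp\sample.exe"
DROPPED = r"C:\Users\u\AppData\Roaming\upd\svc.exe"
EXPLORER = r"C:\Windows\explorer.exe"

SAMPLE_EVENTS = [
    # sample writes a second EXE to disk
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED},
    # sample opens explorer.exe with PROCESS_CREATE_PROCESS among the granted rights
    {"EventID": 10, "SourceImage": SAMPLE, "TargetImage": EXPLORER,
     "GrantedAccess": "0x1080"},
    # dropped EXE starts, but Sysmon records explorer.exe as its parent
    {"EventID": 1, "Image": DROPPED, "ParentImage": EXPLORER, "CommandLine": DROPPED},
    # dropped EXE opens a firewall hole for itself
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe", "ParentImage": DROPPED,
     "CommandLine": f'netsh advfirewall firewall add rule name="upd" dir=in '
                    f'action=allow program="{DROPPED}"'},
    # and persists through the per-user Run key
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\upd",
     "Details": DROPPED},
]


def detect_parent_spoofing(events):
    """Heuristic for NtCreateUserProcessOtherParentProcess: a handle opened with
    PROCESS_CREATE_PROCESS (Event 10) followed by a process whose recorded parent
    is that handle's target (Event 1). Returns (real creator, child) pairs."""
    openers = {}
    for e in events:
        if e["EventID"] == 10 and int(e["GrantedAccess"], 16) & PROCESS_CREATE_PROCESS:
            openers[e["TargetImage"].lower()] = e["SourceImage"]
    return [(openers[e["ParentImage"].lower()], e["Image"])
            for e in events
            if e["EventID"] == 1 and e["ParentImage"].lower() in openers]


def detect_firewall_change(events):
    """Modifies Windows Firewall: netsh advfirewall run by some parent."""
    return [(e["ParentImage"], e["CommandLine"]) for e in events
            if e["EventID"] == 1 and FIREWALL_RE.search(e.get("CommandLine", ""))]


def detect_run_key(events):
    """Adds Run key: a value set under ...\\CurrentVersion\\Run or RunOnce."""
    return [(e["TargetObject"], e["Details"]) for e in events
            if e["EventID"] == 13 and RUN_KEY_RE.search(e["TargetObject"])]


def detect_dropped_exe_executed(events):
    """Executes dropped EXE: a *.exe file create whose path later appears as the
    Image of a process create. Returns (dropper, executed file) pairs."""
    dropped = {e["TargetFilename"].lower(): e["Image"] for e in events
               if e["EventID"] == 11 and e["TargetFilename"].lower().endswith(".exe")}
    return [(dropped[e["Image"].lower()], e["Image"]) for e in events
            if e["EventID"] == 1 and e["Image"].lower() in dropped]


def triage(events):
    """Map the report's signature names to the evidence found in the events.
    Registry reads (the Uninstall-key enumeration) are not visible to Sysmon."""
    checks = {
        "Suspicious use of NtCreateUserProcessOtherParentProcess": detect_parent_spoofing,
        "Modifies Windows Firewall": detect_firewall_change,
        "Executes dropped EXE": detect_dropped_exe_executed,
        "Adds Run key to start application": detect_run_key,
    }
    return {name: hits for name, fn in checks.items() if (hits := fn(events))}


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_EVENTS).items():
        print(name)
        for hit in hits:
            print("   ", hit)
```

Running the block prints the four matched signature names with their evidence; feeding it a real Sysmon export means converting each event's EventData into a dict with the same field names. In practice the parent-spoofing hit should be gated on time (the child appearing shortly after the handle open) and cross-referenced with the dropped-file set before it is raised as an alert.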