General
-
Target
65022d66d1bd5a4bd0a93dcd1fca4ad06ede7c6361b8f83e92333920973dcb80
-
Size
4.0MB
-
Sample
230203-3l1ktsfa6v
-
MD5
e547690f86f6526c273569fd59aec14c
-
SHA1
8a93ebf891cf9f821e29b35fbb60c56d0ccd4779
-
SHA256
65022d66d1bd5a4bd0a93dcd1fca4ad06ede7c6361b8f83e92333920973dcb80
-
SHA512
75a118237556016423078c62ce5546d3174bed3597adb8162dccebdd67e2b298c63fd2d14714c5aef78f43be30f5729bab3eb116d22f32f09141057496fbdadc
-
SSDEEP
98304:nyBgj/os1ZS9JDwly8rxMGVI/ApR6wyu9StQ1HMR:yOjgsjS9J87xVI/Aywj9StQhMR
Static task
static1
Malware Config
Targets
-
-
Target
65022d66d1bd5a4bd0a93dcd1fca4ad06ede7c6361b8f83e92333920973dcb80
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-