General
-
Target
7bb49c25d48f9e2812cc5a2c2167bc56cad4bb67380dff4abf3801ba808a6353
-
Size
4.0MB
-
Sample
230203-3m8b3afa7s
-
MD5
2409316a632afdb58633c6415da02b57
-
SHA1
57dd1c1435764174c9603c18c7d7747a627ead63
-
SHA256
7bb49c25d48f9e2812cc5a2c2167bc56cad4bb67380dff4abf3801ba808a6353
-
SHA512
e13a5c34b594446ef0e4adec511379d58c6ef171e19b207250304550c7741b6b7e8cd91662616db9943b8ecfbe10c0c038d91a8454d9ba4553aa4a0f868240a1
-
SSDEEP
98304:nyBgj/os1ZS9JDwly8rxMGVI/ApR6wyu9StQ1HMH:yOjgsjS9J87xVI/Aywj9StQhMH
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-