General
-
Target
903eb32593336d8c803c2e9450cd2ff6cff4647998d141ef9e629061524e0cfc
-
Size
4.0MB
-
Sample
230203-gmk1wabf46
-
MD5
faa4c6184004ae8900e9c5429564ed68
-
SHA1
03ded6164838f84e35fe727d5181b44bf1ff05b7
-
SHA256
903eb32593336d8c803c2e9450cd2ff6cff4647998d141ef9e629061524e0cfc
-
SHA512
eb720126016fab5412bfde3d567d5fa88e2fe34fd917fab7e6062d8dbb730e35ee2fcb76bf2e3f1d612899d42e4104ba8fcd4b977d382727041cf20d7d6cddd7
-
SSDEEP
98304:+plqtTpK+E2MOdVG+5zEXnm2MiOU9HCd+0crSLm9UBsZpFVgK2S:+plqtcVCVG+NEXnm2M89HCuSUUG33
Static task
static1
Malware Config
Targets
-
-
Target
903eb32593336d8c803c2e9450cd2ff6cff4647998d141ef9e629061524e0cfc
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-