General
-
Target
08e8d947e6c48ab47607697589d9d1651baf9fbe1694239fed0714a6addc4fd0
-
Size
4.1MB
-
Sample
230203-j7sbssda94
-
MD5
fc02d69e10330e8f85caa869ce0d0fb0
-
SHA1
ea484b6b82c161050680d1b23cb16328173a4e28
-
SHA256
08e8d947e6c48ab47607697589d9d1651baf9fbe1694239fed0714a6addc4fd0
-
SHA512
244649a3056a19e1b8cce6e2cacf6eb6f1919f37bb61e6624ab1f1df1871bd9017d4cb1b30ebfa08be698bf72f102b9141b9bf13084399862f3f8660a91142b3
-
SSDEEP
98304:716yO65OGQAlOoza46CaI2OlcIYFRLJI22LXXTAgqe:7UL6lmZDIOIYFRLJOnU+
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-