General
-
Target
90328ae0c3b2532505ad7a0af5ba7a966194ce1d3530b667f2efd6406e433c69
-
Size
4.0MB
-
Sample
230203-na9l2aeg48
-
MD5
607ded7fc84ef97ac7c9769c21026f87
-
SHA1
b8681c88bfc656ef2242b498202ad1fb557a53a6
-
SHA256
90328ae0c3b2532505ad7a0af5ba7a966194ce1d3530b667f2efd6406e433c69
-
SHA512
7d8408dc9e1c60d57f1a61f3c9e547b34a336c1b98b91f09b46636595872b41bd8b366eb965902cd5dc841e0b6e8fbb1db2aaf28e2a9bb9026dde2654b696642
-
SSDEEP
49152:7v0l8b+aUXeV/1OAv6JYQKKuf8uPn0RGKouo17A8YNRvE0C7JGoY4sPkkCEV:Ql8K61xWYQKguPnFKoVvkvXC8cmV
Static task
static1
Malware Config
Targets
-
-
Target
90328ae0c3b2532505ad7a0af5ba7a966194ce1d3530b667f2efd6406e433c69
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-