General
-
Target
4a1e1132726554509548a26af2e857df91de7781609999840057e7241356e667
-
Size
4.0MB
-
Sample
230203-q1k3gafe72
-
MD5
05944d916b7c4910470a8e09031602c2
-
SHA1
ec5823217ed7d7457ceda621ea4d8f38abdf8cc8
-
SHA256
4a1e1132726554509548a26af2e857df91de7781609999840057e7241356e667
-
SHA512
fae40b5875f1e0824c80fe42d138a86c49a5a88d9996542af4a3f2e378110552b0b5aa1f00f964cbf9a650eb9e0989c0fe928b442bf7cbcfe866efca927adc46
-
SSDEEP
98304:8GSbJxmOgeiNNouGEFld6IhVtlgAQVM78udAf:87JxmFTAtEFCIzXeuSf
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-