General
-
Target
cc4d2ea6e61729afaa5e951e92854475ca0848d1f9606be6a2c1aeee34911370
-
Size
4.0MB
-
Sample
230203-q51nqaba9v
-
MD5
f65d128c47648a77095907ac38721106
-
SHA1
c4ccfc3b631930613eade44bb4f47290acfc692f
-
SHA256
cc4d2ea6e61729afaa5e951e92854475ca0848d1f9606be6a2c1aeee34911370
-
SHA512
2f97a0ed7ecb1c2bf857bf641fb0a53ac2d298b0699662474e462c5752847d64d4f8089828731cadb21eb01cefd8bfa9e4d669d93cfe054bbe031b1af6f7d43d
-
SSDEEP
98304:8GSbJxmOgeiNNouGEFld6IhVtlgAQVM78udAK:87JxmFTAtEFCIzXeuSK
Static task
static1
Malware Config
Targets
-
Target
cc4d2ea6e61729afaa5e951e92854475ca0848d1f9606be6a2c1aeee34911370
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-