General
Target: 4e0dbc8831e3e3d2b4fe56069b5384e4dbf245716705a4f5465121e5040fe1ae
Size: 4.0MB
Sample: 230203-ra2szabb31
MD5: 35c19c03e460ccffc543c3de46cd12e8
SHA1: 61b5b3970570a2104cc61706150a17e9892aa4b7
SHA256: 4e0dbc8831e3e3d2b4fe56069b5384e4dbf245716705a4f5465121e5040fe1ae
SHA512: b0f0a4f225cddc7076188968fdfcab130277442c7186c23fff39f1424f1cb916e7e9a7de0844ad6adcc552d0a1d95df02073b3b212f167ad9cc044a0325bfa79
SSDEEP: 98304:v8dodhtYG03voWFg2nOkS9XHodYqODR4G372YmH+TNf9BUO:v8doLtH0/bg2OkS9XHodYqMRfL2YmIbf
Static task: static1
Malware Config
Targets
Target: 4e0dbc8831e3e3d2b4fe56069b5384e4dbf245716705a4f5465121e5040fe1ae
Size: 4.0MB
MD5: 35c19c03e460ccffc543c3de46cd12e8
SHA1: 61b5b3970570a2104cc61706150a17e9892aa4b7
SHA256: 4e0dbc8831e3e3d2b4fe56069b5384e4dbf245716705a4f5465121e5040fe1ae
SHA512: b0f0a4f225cddc7076188968fdfcab130277442c7186c23fff39f1424f1cb916e7e9a7de0844ad6adcc552d0a1d95df02073b3b212f167ad9cc044a0325bfa79
SSDEEP: 98304:v8dodhtYG03voWFg2nOkS9XHodYqODR4G372YmH+TNf9BUO:v8doLtH0/bg2OkS9XHodYqMRfL2YmIbf
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2