General
Target: 48b294c19fbdc62aee16e46878bce84ac6b656167e80dfb74f27f067ea300324
Size: 4.0MB
Sample: 230203-rk34sabb8w
MD5: fae0c701fed179f4e89b2ba970699cd9
SHA1: ffdfe38cf251b44308089eb27f2bb80689fe9a57
SHA256: 48b294c19fbdc62aee16e46878bce84ac6b656167e80dfb74f27f067ea300324
SHA512: fa52cac5dad375cabda018de6b10eef056856747fc91dec8ca8a00391d416d6f7554c0ce26a59d44ed5fea643dc4541245c4555d3982ffb5fc9cb8d163d8d93c
SSDEEP: 98304:v8dodhtYG03voWFg2nOkS9XHodYqODR4G372YmH+TNf9BUs:v8doLtH0/bg2OkS9XHodYqMRfL2YmIbl
Static task: static1
Malware Config
Targets
Suspicious use of NtCreateUserProcessOtherParentProcess
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.