General
-
Target
02ff7e0e0e77cd65e3068b8ad435017fb84faf7266c61819244d1fad2124c377
-
Size
4.0MB
-
Sample
230203-vjnjgsbf8z
-
MD5
de6820290be69fcf9decf12af58b369f
-
SHA1
3a741df37238340ac33670bab7dca85b3f8853d2
-
SHA256
02ff7e0e0e77cd65e3068b8ad435017fb84faf7266c61819244d1fad2124c377
-
SHA512
3196a50792d807be525a72767b9cfddf4d7f45cf0131e10e64e99d9fc742d99239d0ac0816cfb2151a10476af908807a72bf9fe518a69adb887bb431da4574f4
-
SSDEEP
98304:QNTB01MdPAIJl0nUKsyE0/z5P3hXlzGVamuONuTrpuwJFJbmJxBafb6v:QNTBX57yIc9JXlqVamuyKuwJb0WTQ
Static task
static1
Malware Config
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-