General
-
Target
ccda0c16d9cc062d3bb5319bde34d3b2ac87c5ebf9d8ff7d686fa6d9edf10d34
-
Size
4.0MB
-
Sample
230204-fqwq4sfh4y
-
MD5
641924630a9fcbaf7901a7b45513f435
-
SHA1
e756fcc83788454e4242b7faf48fa2862a16148d
-
SHA256
ccda0c16d9cc062d3bb5319bde34d3b2ac87c5ebf9d8ff7d686fa6d9edf10d34
-
SHA512
bdcff087a699bd171b7bb0b0ccb41c79c419fe20633e3d03b926e051f46c5cac14859b52d079375bc6f86aea0d39ffa7b22a2f41773464d2064560dea175a25b
-
SSDEEP
98304:ayKj4/EuyB7vnyJSeAt6ga7W5IRytB1FhU10:8j0ByB7vnyJSXa7MtB1x
Static task
static1
Malware Config
Targets
-
-
Target
ccda0c16d9cc062d3bb5319bde34d3b2ac87c5ebf9d8ff7d686fa6d9edf10d34
-
Size
4.0MB
-
MD5
641924630a9fcbaf7901a7b45513f435
-
SHA1
e756fcc83788454e4242b7faf48fa2862a16148d
-
SHA256
ccda0c16d9cc062d3bb5319bde34d3b2ac87c5ebf9d8ff7d686fa6d9edf10d34
-
SHA512
bdcff087a699bd171b7bb0b0ccb41c79c419fe20633e3d03b926e051f46c5cac14859b52d079375bc6f86aea0d39ffa7b22a2f41773464d2064560dea175a25b
-
SSDEEP
98304:ayKj4/EuyB7vnyJSeAt6ga7W5IRytB1FhU10:8j0ByB7vnyJSXa7MtB1x
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-