General
Target: 8be6a7699fd6c541d483e40142cae6e6250966a91d71051de48374abf0718aa5
Size: 4.0MB
Sample: 230204-fxyt2scf45
MD5: faa355209527767d87265d161e53d712
SHA1: 994fb590a2dbf14824cd5933007d943fc63df0f6
SHA256: 8be6a7699fd6c541d483e40142cae6e6250966a91d71051de48374abf0718aa5
SHA512: 8c5d521d3f049faca88e1ac17d829044ad0b45f9ac1d2bc4fe6cfe4b2a7911c8ef0964629a814112c5b2660d02dd4c1dbec5b8e6ce4e9b6c88548c9b889e1b1f
SSDEEP: 98304:ayKj4/EuyB7vnyJSeAt6ga7W5IRytB1FhU1S:8j0ByB7vnyJSXa7MtB1j
Static task
static1
Malware Config
Targets
Target: 8be6a7699fd6c541d483e40142cae6e6250966a91d71051de48374abf0718aa5
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.