General
- Target: 3500df87f447f6d6d632ec17b4dccc6f5dd5cca58d1668937aa9ff20f434b05f
- Size: 4.0MB
- Sample: 230204-kdbbvsgc2t
- MD5: e3158383e53fc6c86416e07c836d81cc
- SHA1: 05e050862494609a6ac0c270fe03a4ae541e6a3e
- SHA256: 3500df87f447f6d6d632ec17b4dccc6f5dd5cca58d1668937aa9ff20f434b05f
- SHA512: dac017f76c1862316c73d294ef0c2f99f66e0295e7fdb59f4ce9d591e6dc79decca194363e08666ba272bed720523e882a14e7522d0a561d8cca196a5767c75c
- SSDEEP: 98304:rdREkzcI1qdyckvktiqiexmGldkJXl5ZlJ9xZILtcwBbnz:rkkwz3kv5qopJ9xmHB/
Static task
static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2