General
Target: 1305282890e8dc22ae0aaa662c14a82b428556030fc72bde80300465a6dc0dc4
Size: 4.1MB
Sample: 230204-pgb5sadc26
MD5: 44d2ee8ef4e1788998264d32c6c8cd20
SHA1: b9ef3f9f4f87be10175c33e619554fabc1a68bf8
SHA256: 1305282890e8dc22ae0aaa662c14a82b428556030fc72bde80300465a6dc0dc4
SHA512: 14a430a4882ed7b7a7d45d30aed29d84f7807711b9d0a8852a2c2dd8d7d5ac767f25b669d71e999cd2213477676996a4a97831d3d4bacf95fd57bd6574e8ca7e
SSDEEP: 98304:+8YbpkZf1JEeCq0fbawcb9V+ONBsQ2q3SAcnLJ2Dr8PW:+gf1bCq0fblyHhBsPqoJcd
Static task
static1
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.