General
Target: 97548bfd756df5f090691d80888dda804b9fd3de964b85df381f36e8031285b5
Size: 4.1MB
Sample: 230204-plcxwadc39
MD5: 69a4ebbd14e1e61413003f44ea9f3c2b
SHA1: 73752c929aa94e4cbe1984ff07745082e25ee0b0
SHA256: 97548bfd756df5f090691d80888dda804b9fd3de964b85df381f36e8031285b5
SHA512: 0d9de876d2ebfc5c84a7a2ba7083131e3471bdf2c268dc40399b967fef08bdab5fc9f41b1df1794256cfdd881e3feea6fec525f0670efa31ff11c74707338bef
SSDEEP: 98304:+8YbpkZf1JEeCq0fbawcb9V+ONBsQ2q3SAcnLJ2Dr8Pd:+gf1bCq0fblyHhBsPqoJcm
Static task
static1
Malware Config
Targets
Target: 97548bfd756df5f090691d80888dda804b9fd3de964b85df381f36e8031285b5
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2