General
Target: 6bd839bfa6af1787f2673b65b09b5caab296de2e06bcd9411bd814a01ca964e5
Size: 4.1MB
Sample: 230204-r7k7gsde75
MD5: b2988ca9ac6094090baeb9d1ca4ca552
SHA1: 3abbd43fb37ac7e955b2bd0004a18d58363cfad2
SHA256: 6bd839bfa6af1787f2673b65b09b5caab296de2e06bcd9411bd814a01ca964e5
SHA512: e52925c8a735cb2307c6938547336a18090d33fa1ff2ed3de4b8b70730fce5f65c0b3a27135adec1cc49ed949fb75c02bb7f5c86c7659ee172e4295a5c94ad58
SSDEEP: 98304:ptdYso4BYknUKFgR+pvYrlykOf21dp0rBKp/lVWKp8:pDfj9nUcHel/H/pLnWKp8
Static task
static1
Malware Config
Targets
Target: 6bd839bfa6af1787f2673b65b09b5caab296de2e06bcd9411bd814a01ca964e5
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies Windows Firewall
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.