General
Target: 88215f2f55e9bedbac122a24ed701d9e0c4ba17a2847ff1e194adf6c4d654eef
Size: 4.1MB
Sample: 230204-r8agdagh7z
MD5: 1721a7f0f9f163e12636a88e260b1c78
SHA1: 93ec46a8ccbb742b5c289b48b783fcc6f4e08d1f
SHA256: 88215f2f55e9bedbac122a24ed701d9e0c4ba17a2847ff1e194adf6c4d654eef
SHA512: ea7480d09203620a98d68175b3eb6ac534290e0403e2d2b73d88248b0dafd177e6520faaf3ffa73e477a6189e20e325f65b779898da3f04b936bfa2949226232
SSDEEP: 98304:ptdYso4BYknUKFgR+pvYrlykOf21dp0rBKp/lVWKpF:pDfj9nUcHel/H/pLnWKpF
Static task
static1
Malware Config
Targets
Suspicious use of NtCreateUserProcessOtherParentProcess
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2