General
-
Target
00e1ff9218e04fffd406017ef5910d804238d3080f57731dd6cad97e4c78b1bd
-
Size
4.1MB
-
Sample
230204-sek7fsgh81
-
MD5
498b7f675df038567a302ed8677b130e
-
SHA1
b502ba26e065bc8377f906874769560247f03849
-
SHA256
00e1ff9218e04fffd406017ef5910d804238d3080f57731dd6cad97e4c78b1bd
-
SHA512
274218df528f55e2a4113e4e439b17e280929e0f1180f50175bb76f0629c0ff2581fb753329285e4f27c1cd298a6d4b2181940b6f92f0a298b4a67aa8eff1d91
-
SSDEEP
98304:ptdYso4BYknUKFgR+pvYrlykOf21dp0rBKp/lVWKpO:pDfj9nUcHel/H/pLnWKpO
Static task
static1
Malware Config
Targets
Target
00e1ff9218e04fffd406017ef5910d804238d3080f57731dd6cad97e4c78b1bd
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2