General
Target: 52f086734162c863c097d72b35948d2a845cde610570878f7bfdf9997bbb7be6
Size: 4.0MB
Sample: 230206-fw4znsfe8s
MD5: 1495811f68960484dd420e85009facf4
SHA1: bbfaacb3b55b4c28f7c8928eed531a3f0607757a
SHA256: 52f086734162c863c097d72b35948d2a845cde610570878f7bfdf9997bbb7be6
SHA512: 70a4be646e3de71a1201a82a125154b8d65a15b45d96ee1e9919efbc8a4b04932867d5f49c0a3f691e07447cf8cc4b3f33781b4721dc8dcca2c43c06fc278031
SSDEEP: 98304:qwgxt7g9gcuIGYKQL4XiiKryNDfVn3RmhukDfnHHDq:qb7g9pGxQkaQbJYBDHG
Static task
static1
Malware Config
Targets
Suspicious use of NtCreateUserProcessOtherParentProcess
Modifies Windows Firewall
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2