General
-
Target
d1de828d7c61c14b99b11fab8ba438d9a1bde1c82dc51d946f11c8e5badd48d6
-
Size
309KB
-
Sample
230825-l88fhsaf82
-
MD5
0dc1a38c8f58902104979b2e473a1d5d
-
SHA1
cb086f20b0bdc01354407c63add6a41cbf056770
-
SHA256
d1de828d7c61c14b99b11fab8ba438d9a1bde1c82dc51d946f11c8e5badd48d6
-
SHA512
c541292040606db1384d920885351adf0429b69a8fa201296012fdeee967c83bf6165908a88176c811422cc8656bf7e16a1a9012e9898809108f2c584b5f5c3d
-
SSDEEP
6144:LAetO1M/tZSYGGOmJsnenCplup1M8/0jxb0h8fkUGqcByfVTFX5pJjmO:E+P/3ksJsioup1r0jeUG0VTFf
Static task
static1
Behavioral task
behavioral1
Sample
d1de828d7c61c14b99b11fab8ba438d9a1bde1c82dc51d946f11c8e5badd48d6.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
d1de828d7c61c14b99b11fab8ba438d9a1bde1c82dc51d946f11c8e5badd48d6.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
Target
d1de828d7c61c14b99b11fab8ba438d9a1bde1c82dc51d946f11c8e5badd48d6
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops file in Drivers directory
-
Deletes itself
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Drops file in System32 directory
-