General
-
Target
b9ab6dd5a79314d6d3ffb6f38c6df6b6
-
Size
3.1MB
-
Sample
240307-z1vrcaea78
-
MD5
b9ab6dd5a79314d6d3ffb6f38c6df6b6
-
SHA1
8f82a9188b21369d8ed0396ddf0ef9b6f24a5c01
-
SHA256
1406f97bb936f2f6113b30fa9e1fcfee8fd3c1ce5adbe9b0ab3e74bcb73993ba
-
SHA512
e40023be0064f93c91cd5aadc923ebe99be1e03377d6746125b729bf35002204fa69cc37f1e91cda22a1f975a5a0dff96874ab378820c9d80966408d4a9a82b8
-
SSDEEP
49152:G9oDegDFLeDUZqN2U2+PslIhdHBolyAB2EyWkGjrZPEBDiJfEZKGpfx:QAe7ss7ABkGj8DyQBx
Static task
static1
Behavioral task
behavioral1
Sample
b9ab6dd5a79314d6d3ffb6f38c6df6b6.exe
Resource
win7-20240221-en
Malware Config
Targets
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-