General
- Target: Module.dll
- Size: 4.9MB
- Sample: 240415-m74xdafb8w
- MD5: 5b607c17bd58fc09053ae6e6cf591ef2
- SHA1: ded6dfff7bb1a6353c5797b5bd2ebcecc4eb95e3
- SHA256: 1c81d14d5ab040b4705c73ce7ed3f7f01ce02c70814b89e29ca17ac3b67e7699
- SHA512: 50d271d77f31550fd362105c5dfd2f3bc853ecb31dae645e6af1ef21f73770a8f2b56561d3b742ebc531b9e3aadbf1f0b8e62205486e60c5a2c1c4ebd49998a6
- SSDEEP: 49152:b0Fmy/YWX13M3a1Bvg/TdEV8dCE2Co8YSgkT+/zYJ:+myQIaK1BY/iV8dMSU8
Static task
static1
Malware Config
Targets
- Target: Module.dll
- Downloads MZ/PE file
- Modifies Installed Components in the registry
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory