General
Target: Local State
Size: 76KB
Sample: 240523-cqxfvsac2v
MD5: f0cb3f5dd79b04012b312f79affc700a
SHA1: d967d6f0381b1f57fb902877e1d12596dc1f60b7
SHA256: 9f97b6f81e43589bfdd73832aa56fd101199cce5f9cf5e5c14ae049c8e5544fc
SHA512: 865d58a9863cf29a5c412141939857acc44ce00d87bd81b7caf1a5d0b9a3f3612e7d572360b9d65aaa8d7070be26568a2e23edc574a7ca422f6fa0cea422b8e6
SSDEEP: 1536:LW9WnLs9JevHr1tcrueYz0gdegvkUYHf+OiESsM0SH8IQ:XLsrGHZtLeYlkxGOi/sM0N
Static task: static1
Malware Config
Targets
Target: Local State (76KB; MD5 f0cb3f5dd79b04012b312f79affc700a, SHA1 d967d6f0381b1f57fb902877e1d12596dc1f60b7, SHA256 9f97b6f81e43589bfdd73832aa56fd101199cce5f9cf5e5c14ae049c8e5544fc)
- Downloads MZ/PE file
- Modifies Installed Components in the registry
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger