General
-
Target
Specifications.exe
-
Size
757KB
-
Sample
240617-nq1n3ayerb
-
MD5
1724bf93af4c371ce30369f59b3b43bf
-
SHA1
555106c85d133a1362904317afdae88e8c8d6b43
-
SHA256
b26fa277f86ce0b561cd4c563fc0e2a44623fdc0ad0cf97d6222537937df50f4
-
SHA512
fa2747830e3b7e0ca2ba9d8288e721ec96cf73608ba40787309b84ef4797a89f618613d2734b7a1850bfaa961da9ebb9f606e90c61c241c92d564bd7ad9f7df6
-
SSDEEP
12288:5FRwba0Ugzh4BIUFPefhPh7kwIpur5QF/gtVIhodF8NBQX4A/cORo:KOLgrUFEhPh7kNpDF/goKdyNBNA/c
Malware Config
Targets
-
-
Target
Specifications.exe
-
Size
757KB
-
MD5
1724bf93af4c371ce30369f59b3b43bf
-
SHA1
555106c85d133a1362904317afdae88e8c8d6b43
-
SHA256
b26fa277f86ce0b561cd4c563fc0e2a44623fdc0ad0cf97d6222537937df50f4
-
SHA512
fa2747830e3b7e0ca2ba9d8288e721ec96cf73608ba40787309b84ef4797a89f618613d2734b7a1850bfaa961da9ebb9f606e90c61c241c92d564bd7ad9f7df6
-
SSDEEP
12288:5FRwba0Ugzh4BIUFPefhPh7kwIpur5QF/gtVIhodF8NBQX4A/cORo:KOLgrUFEhPh7kNpDF/goKdyNBNA/c
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-