General
Target
http://ohsoft.net/update/ohupdate.php?program=b2NhbV9lbg%3D%3D&q=QTRCNEI5ODMwOTkyMUQ0RUIxREFCQzMwNzY1M0M0ODQ%3D&hkey=NWQ0ODVmNjVlNDRiMWQwYjZiNWI0YTEwMDliNzcwMzI%3D&v=TlZJRElBK0dlRm9yY2UrUlRYKzIwNjArU1VQRVI%3D&o=TWljcm9zb2Z0K1dpbmRvd3MrMTArUHJvJTdDNjQlN0MxMDUx&ver=MjAyMzEyMTUwMQ%3D%3D
Sample
240709-k92tpaygpb
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://ohsoft.net/update/ohupdate.php?program=b2NhbV9lbg%3D%3D&q=QTRCNEI5ODMwOTkyMUQ0RUIxREFCQzMwNzY1M0M0ODQ%3D&hkey=NWQ0ODVmNjVlNDRiMWQwYjZiNWI0YTEwMDliNzcwMzI%3D&v=TlZJRElBK0dlRm9yY2UrUlRYKzIwNjArU1VQRVI%3D&o=TWljcm9zb2Z0K1dpbmRvd3MrMTArUHJvJTdDNjQlN0MxMDUx&ver=MjAyMzEyMTUwMQ%3D%3D
Resource
win11-20240704-en
Malware Config
Targets
Target
http://ohsoft.net/update/ohupdate.php?program=b2NhbV9lbg%3D%3D&q=QTRCNEI5ODMwOTkyMUQ0RUIxREFCQzMwNzY1M0M0ODQ%3D&hkey=NWQ0ODVmNjVlNDRiMWQwYjZiNWI0YTEwMDliNzcwMzI%3D&v=TlZJRElBK0dlRm9yY2UrUlRYKzIwNjArU1VQRVI%3D&o=TWljcm9zb2Z0K1dpbmRvd3MrMTArUHJvJTdDNjQlN0MxMDUx&ver=MjAyMzEyMTUwMQ%3D%3D
Score 8/10
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2