General
-
Target
2d698498e586bca2a5c028d9993eab50N.exe
-
Size
2.3MB
-
Sample
240905-d7pm1sscpl
-
MD5
2d698498e586bca2a5c028d9993eab50
-
SHA1
49a0cffec59f12787b331d1f77d6e45d478bc529
-
SHA256
e278a239f0871de08f812a0f31626ae470dbfb3250fbcf19d7ba128a7765d24d
-
SHA512
b7b3a1d5989674f6f649542ee2e859ff91c9b7fb6301ec7f6dd18b206eb5c0cb7c1edf8f7a1d7a6af93046d3964584be08fa636a195d30f661e4f5443904454c
-
SSDEEP
49152:Gjvk2d9rJpNJ6jUFdXaDoIHmXMupzh72lxakn2YpHdy4ZBgIoooNe:GrkI9rSjA5aDo73pzF2bz3p9y4HgIoov
Malware Config
Targets
-
-
Target
2d698498e586bca2a5c028d9993eab50N.exe
-
Size
2.3MB
-
MD5
2d698498e586bca2a5c028d9993eab50
-
SHA1
49a0cffec59f12787b331d1f77d6e45d478bc529
-
SHA256
e278a239f0871de08f812a0f31626ae470dbfb3250fbcf19d7ba128a7765d24d
-
SHA512
b7b3a1d5989674f6f649542ee2e859ff91c9b7fb6301ec7f6dd18b206eb5c0cb7c1edf8f7a1d7a6af93046d3964584be08fa636a195d30f661e4f5443904454c
-
SSDEEP
49152:Gjvk2d9rJpNJ6jUFdXaDoIHmXMupzh72lxakn2YpHdy4ZBgIoooNe:GrkI9rSjA5aDo73pzF2bz3p9y4HgIoov
Score7/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-