General
- Target: astronomity - pass 1.rar
- Size: 20.2MB
- Sample: 241114-ztkykasnes
- MD5: 44a5afb8c9a3434f5737993fa0feeebf
- SHA1: 021fa6d3aa155bd24445b303c8fd54dfa580e857
- SHA256: a9ad141dbfd79c2411bd99d1da466c369ac09ed5c6f179c63b15132e837167e5
- SHA512: ae2387956647a173ee2f07c3f95d6777a162cf3bf32c8e429464929248246bbe7392a77d02629850ccd6c735630eafc0d9dfdb409b3958e19c08a63d36e8cd69
- SSDEEP: 393216:/haU4FEKpD6bT2iRtf6RL2o8j0UPREjmdmqs53WTFQu44faLPQ2iivjTbwlpgpNW:/hAFEKWbT2iraMFREjR536QujCQ26gpw
Static task
static1
Behavioral task
behavioral1
Sample
astronomity - pass 1.rar
Resource
win11-20241007-en
Malware Config
Targets
Target
astronomity - pass 1.rar
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: [email protected]
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.