General
-
Target
application.zip
-
Size
29.7MB
-
Sample
241119-w1bfxsvkal
-
MD5
b43178403113cd78f4849471aa179edb
-
SHA1
843bc7b1fff4ba6e8b81d95276765a88b24131b7
-
SHA256
64b12f1d65a1a709abf4588142f73a9fa4d457d0da3714683e2a2be0b3321992
-
SHA512
4a51f18e52677682addf36318797ef615e29879b73a2271ddf296749d7019beeec7cc339a98ad64182a7ea4613376f74ef02315f4e39471281bf6004cd0b7a32
-
SSDEEP
786432:OFmAsk7nqoqoz6cHvzz+vn+aqa2Tb33yOLV1NA4pdti/oZ:ysgqXo+izNbn5LDFpfB
Static task
static1
Malware Config
Targets
-
-
Target
Loader_dll/loaderV12.exe
-
Size
62.3MB
-
MD5
8e533e9d973e49f1251a5a5343650130
-
SHA1
2c94ccaf726d034c426425e6b74755b941880566
-
SHA256
6465765c30c964f99f3afadb81383993893cfcbb47d4740b368a11e5dc614f1e
-
SHA512
a03ce278551642f8e615dbf617d6480794909f5648e108644f1db9c5a694a334c6b14ed3bc1b82da65e67e78d2d03f3871335d19116ad4624fdc1e0ca32a0d38
-
SSDEEP
393216:W5HH6Cms5ku95LoagbWWToiadeqW5ZKwq/2Q3HAswsOjNnFRujVebELXD6uP9wjT:WhH6CmsXV1WpaAPZc2ugV2ebVuP+/
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-