General
-
Target
PO. NO.TA-20008.bin
-
Size
48KB
-
Sample
200214-kvg544lxja
-
MD5
97f0eb30b55c7c8d83fc946b5ba39a24
-
SHA1
689b289faa30d163551cffe7183a5e51a60eb428
-
SHA256
4abf7cc7eb966041f00af95a921afcd5b24342f39f2a1a01ce8b8400eeaa2982
-
SHA512
8e01b7cfd60ad6035cd948ae43bd9f022def06b3045bd6d654ea176836d4c1cc5fceafbc38b85e92fbc55518274d97a58f78daba17344d3c1c7d1fe111f04785
Score
8/10
Malware Config
Targets
-
-
Target
PO. NO.TA-20008.bin
-
Size
48KB
-
MD5
97f0eb30b55c7c8d83fc946b5ba39a24
-
SHA1
689b289faa30d163551cffe7183a5e51a60eb428
-
SHA256
4abf7cc7eb966041f00af95a921afcd5b24342f39f2a1a01ce8b8400eeaa2982
-
SHA512
8e01b7cfd60ad6035cd948ae43bd9f022def06b3045bd6d654ea176836d4c1cc5fceafbc38b85e92fbc55518274d97a58f78daba17344d3c1c7d1fe111f04785
Score8/10-
Adds Run entry to policy start application
-
Deletes itself
-
Adds Run entry to start application
-
Checks whether UAC is enabled
-
Modifies system certificate store
-
Reads browser user data or profiles (possible credential harvesting)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-