General

Target: 9693e2a7e8f4b1d7e7cee1cbbfc6d627700e4bf0704fbe4c1bf7a8520cd823d2
Size: 880KB
Sample: 200320-h8phrqz6qx
MD5: ad1cc54ef3a616fc1bd39a969b62d3da
SHA1: ec048557707d538d4760dc815bee261577831aa5
SHA256: 9693e2a7e8f4b1d7e7cee1cbbfc6d627700e4bf0704fbe4c1bf7a8520cd823d2
SHA512: 29f0e1659b931a65866a9e2b931e2aa44a0439ff4c290812eca84b84ec383258af9d4e72377457a3812f887acc21ab0071125b11071da88645e0c912a024bc03

Static task: static1

Behavioral task: behavioral1
Sample: 9693e2a7e8f4b1d7e7cee1cbbfc6d627700e4bf0704fbe4c1bf7a8520cd823d2.exe
Resource: win7v200217

Behavioral task: behavioral2
Sample: 9693e2a7e8f4b1d7e7cee1cbbfc6d627700e4bf0704fbe4c1bf7a8520cd823d2.exe
Resource: win10v200217

Malware Config

Targets

Target: 9693e2a7e8f4b1d7e7cee1cbbfc6d627700e4bf0704fbe4c1bf7a8520cd823d2 (the submitted sample; size and MD5/SHA1/SHA256/SHA512 as listed under General)
Signatures:
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Suspicious use of NtCreateProcessExOtherParentProcess
- Disables RegEdit via registry modification
- Drops file in Drivers directory
- Executes dropped EXE
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Loads dropped DLL
- Adds Run key to start application
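The signature names above describe classes of host artefacts (Winlogon and Run-key persistence, a disabled regedit policy, firewall and Security Center service changes, new files under the drivers directory, dropped PE files, and BIOS reads used for VM detection). The script below is an added example, not part of the Triage report and not code from the sample, that checks a Windows host for each of those classes and returns the hits as objects. The registry paths, service names (SharedAccess, MpsSvc, wscsvc, WinDefend), stock Winlogon values and drop directories are standard Windows locations assumed by the example, not values taken from the page; the lookback window and the VM-marker regex are likewise assumptions to tune.

```powershell
# Host triage for the artefact classes behind the report's behavioural signatures.
# Added example, not part of the Triage report or the sample. Registry paths, service
# names, stock values and drop directories are standard Windows locations (assumed,
# not taken from the report). Run elevated in the analysis VM after detonation,
# or on a suspect host.
#Requires -RunAsAdministrator

function Invoke-SignatureTriage {
    [CmdletBinding()]
    param([int]$LookbackDays = 7)   # assumed window for "recent" file writes

    $findings = New-Object 'System.Collections.Generic.List[object]'
    $since = (Get-Date).AddDays(-$LookbackDays)
    function Add-Finding([string]$Sig, [string]$Where, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Signature = $Sig; Location = $Where; Detail = $Detail })
    }

    # "Modifies WinLogon for persistence": Shell and Userinit should carry only the stock values.
    $wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $stock = @{ Shell = 'explorer.exe'; Userinit = "$env:SystemRoot\system32\userinit.exe," }
    foreach ($name in $stock.Keys) {
        $val = (Get-ItemProperty -Path $wl -Name $name -ErrorAction SilentlyContinue).$name
        if ($val -and $val.Trim() -ine $stock[$name]) {
            Add-Finding 'Modifies WinLogon for persistence' "$wl\$name" $val
        }
    }

    # "Adds Run key to start application": list every Run/RunOnce value for review.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are provider metadata
            Add-Finding 'Adds Run key to start application' "$key\$($p.Name)" $p.Value
        }
    }

    # "Disables RegEdit via registry modification": DisableRegistryTools = 1 or 2 blocks regedit.exe.
    foreach ($hive in 'HKLM', 'HKCU') {
        $pol = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
        $v = (Get-ItemProperty -Path $pol -Name DisableRegistryTools -ErrorAction SilentlyContinue).DisableRegistryTools
        if ($v -in @(1, 2)) { Add-Finding 'Disables RegEdit via registry modification' "$pol\DisableRegistryTools" $v }
    }

    # "Modifies firewall policy service" / "Modifies security service": Start=4 disables the service.
    # SharedAccess and MpsSvc are the firewall services; wscsvc (Security Center) and WinDefend the security ones.
    $services = @{ SharedAccess = 'Modifies firewall policy service'; MpsSvc = 'Modifies firewall policy service';
                   wscsvc = 'Modifies security service'; WinDefend = 'Modifies security service' }
    foreach ($svc in $services.Keys) {
        $k = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        $cfg = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if ($cfg -and $cfg.Start -eq 4) {
            Add-Finding $services[$svc] "$k\Start" "service disabled (Start=4), ImagePath=$($cfg.ImagePath)"
        }
    }

    # "Drops file in Drivers directory": recently written files under System32\drivers, with signature status.
    $drv = Join-Path $env:SystemRoot 'System32\drivers'
    Get-ChildItem -Path $drv -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $since } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            Add-Finding 'Drops file in Drivers directory' $_.FullName "written $($_.LastWriteTime), signature $($sig.Status)"
        }

    # "Executes dropped EXE" / "Loads dropped DLL": fresh PE files in the usual drop locations.
    foreach ($dir in $env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData) {
        Get-ChildItem -Path $dir -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -gt $since } |
            ForEach-Object { Add-Finding 'Executes dropped EXE / Loads dropped DLL' $_.FullName "created $($_.CreationTime)" }
    }

    # "Checks BIOS information in registry": the values the sample reads when fingerprinting the machine.
    $biosKey = 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS'
    $bios = Get-ItemProperty -Path $biosKey -ErrorAction SilentlyContinue
    foreach ($name in 'SystemManufacturer', 'SystemProductName', 'BIOSVendor', 'BIOSVersion') {
        $val = if ($bios) { $bios.$name } else { $null }
        if ($val -and $val -match 'VMware|VirtualBox|VBOX|QEMU|Xen|Bochs|Hyper-V|Virtual') {
            Add-Finding 'Checks BIOS information in registry' "$biosKey\$name" "$val (VM marker visible to the sample)"
        }
    }

    return $findings
}

Invoke-SignatureTriage | Format-Table -AutoSize -Wrap
```

Run it in the detonation VM to see which of the report's signatures left state you can confirm on disk and in the registry, and on a suspect host to scope an infection. The BIOS check is the one item that reports on the environment rather than the sample: any hit there is a string the sample can read to decide it is being sandboxed, so clearing those markers is part of hardening the analysis VM. "Suspicious use of NtCreateProcessExOtherParentProcess" (a process created under a parent other than the caller) is not covered, because parent spoofing leaves no registry or file artefact; it needs process-creation telemetry such as Sysmon event 1 or ETW process events captured at the time.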