General
-
Target
contract supply list.exe
-
Size
311KB
-
Sample
200712-rxa8avqv12
-
MD5
1c8f2480d5bfe4d9bbe8bc432ccc5c97
-
SHA1
5ff74ec7bd4d10582ce2c949ade827b1ccb23d21
-
SHA256
24f64f0f4a0f7b860db4e664e4f4c76a08f20d3490966de4637958bbecc618ac
-
SHA512
158ec88cc3d9ee15c2a96402e58547bd58896be18cc9502c8e204a21e85e3657cd4d07be03fba888911ff4d26e40b882afbc97ab6d04f8f1a67260205126acfe
Static task
static1
Behavioral task
behavioral1
Sample
contract supply list.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
contract supply list.exe
Resource
win10
Malware Config
Targets
-
-
Target
contract supply list.exe
-
Size
311KB
-
MD5
1c8f2480d5bfe4d9bbe8bc432ccc5c97
-
SHA1
5ff74ec7bd4d10582ce2c949ade827b1ccb23d21
-
SHA256
24f64f0f4a0f7b860db4e664e4f4c76a08f20d3490966de4637958bbecc618ac
-
SHA512
158ec88cc3d9ee15c2a96402e58547bd58896be18cc9502c8e204a21e85e3657cd4d07be03fba888911ff4d26e40b882afbc97ab6d04f8f1a67260205126acfe
Score9/10-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-