General

Target: IRMOutstandingReport_1594432868602.exe
Size: 167KB
Sample: 200713-llj4q7fa22
MD5: 0075c01564d4a4425acccaeb9272d44f
SHA1: 5ac7f72aae6784a7cc2d979eed0e25afbd704ae1
SHA256: 83dc40c5814d63f0ff34410b5d0b73cc9eedec070af5f6934d63f73d562835f8
SHA512: 64d0f663b9e007204e06548542647ddcf7c1a25cc513118b2122c9d08ac20102a2703e756a8d6242f46b6be2e8b92898ad69117ade7ef79a37b63bedacb74d6d
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: IRMOutstandingReport_1594432868602.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: IRMOutstandingReport_1594432868602.exe
  Resource: win10v200430
Malware Config

Targets

Target: IRMOutstandingReport_1594432868602.exe (167KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 9/10

Signatures
- Looks for VirtualBox Guest Additions in registry
  Presence of the Guest Additions key is a common indicator that the sample is running inside a VirtualBox guest.
- Executes dropped EXE
- Looks for VMWare Tools registry key
  Presence of the VMware Tools key is a common indicator that the sample is running inside a VMware guest.
- Sets DLL path for service in the registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run entry to start application
  A Run key entry restarts the application at each logon, a common persistence mechanism.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Modifies WinLogon
  Winlogon values are executed at logon, so changing them is another common persistence mechanism.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
  SetThreadContext is commonly used to redirect execution in another process (process injection/hollowing).
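The registry-based signatures above split into two groups: reads used for sandbox/VM detection, and writes used for persistence. The following is an added example, not code from the sandbox or from this report, showing how a detection script can map registry-access events onto those signatures. The registry paths are the keys such checks usually touch and are assumed here (the report does not list paths); the pipe-delimited event format and the sample events are constructed for the example. The operation field matters: explorer.exe querying the Run key is ordinary, while a dropped binary writing to it is persistence, so read signatures only fire on queries and persistence signatures only on writes.

```python
"""Map registry-access events onto the sandbox signatures listed above.

Added example; not code from the sandbox or from the sample's report.
Events are in a constructed, pipe-delimited form (op|image|key), which is
an assumption about the log format, not something the report specifies.
"""
import re
from collections import Counter

# Registry locations commonly behind each signature. These are the keys such
# checks usually touch and are assumed here; the report does not list paths.
# Field order: category, signature name, operation that counts, key pattern.
SIGNATURES = [
    ("anti_vm", "Looks for VirtualBox Guest Additions in registry", "query",
     r"^HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions"),
    ("anti_vm", "Looks for VMWare Tools registry key", "query",
     r"^HKLM\\SOFTWARE\\VMware, Inc\.\\VMware Tools"),
    ("anti_vm", "Checks BIOS information in registry", "query",
     r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$"),
    ("anti_vm", "Maps connected drives based on registry", "query",
     r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum"),
    ("persistence", "Adds Run entry to start application", "set",
     r"^HK(LM|CU)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$"),
    ("persistence", "Modifies WinLogon", "set",
     r"^HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$"),
    ("persistence", "Sets DLL path for service in the registry", "set",
     r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\Parameters\\ServiceDll$"),
]
# Registry paths are case-insensitive, so compile the patterns that way.
COMPILED = [(cat, name, op, re.compile(pat, re.IGNORECASE))
            for cat, name, op, pat in SIGNATURES]

# Constructed events, not taken from the report. Format: op|image|key
SAMPLE_EVENTS = """\
query|C:\\Users\\user\\IRMOutstandingReport_1594432868602.exe|HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions
query|C:\\Users\\user\\IRMOutstandingReport_1594432868602.exe|HKLM\\SOFTWARE\\VMware, Inc.\\VMware Tools
query|C:\\Users\\user\\IRMOutstandingReport_1594432868602.exe|HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
query|C:\\Users\\user\\IRMOutstandingReport_1594432868602.exe|HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum\\0
query|C:\\Windows\\explorer.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive
set|C:\\Users\\user\\AppData\\Roaming\\svchost.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
set|C:\\Users\\user\\AppData\\Roaming\\svchost.exe|HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell
"""


def parse_events(text):
    """Parse op|image|key lines into (op, image, key) tuples, skipping blanks."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        op, image, key = line.split("|", 2)
        events.append((op.strip().lower(), image, key))
    return events


def match_signatures(events):
    """Return {signature name: [images]} for every event that fires a signature.

    The operation gate is what keeps explorer.exe's read of the Run key from
    being counted as persistence; only a write to that key fires.
    """
    hits = {}
    for op, image, key in events:
        for _cat, name, want_op, rx in COMPILED:
            if op == want_op and rx.search(key):
                hits.setdefault(name, []).append(image)
    return hits


def categorize(hits):
    """Count fired signatures per category (anti_vm, persistence)."""
    cats = Counter()
    for cat, name, _op, _pat in SIGNATURES:
        if name in hits:
            cats[cat] += 1
    return dict(cats)


def verdict(hits):
    """Sandbox evasion plus persistence in one run is what drives a high score."""
    cats = categorize(hits)
    if cats.get("anti_vm", 0) >= 2 and cats.get("persistence", 0) >= 1:
        return "malicious"
    if cats:
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    found = match_signatures(parse_events(SAMPLE_EVENTS))
    for sig_name, images in found.items():
        print(f"{sig_name}: {sorted(set(images))}")
    print("verdict:", verdict(found))
```

Run against the constructed events, the four read signatures fire for the sample binary, the two persistence signatures fire only for the dropped svchost.exe, the ServiceDll signature stays silent because no event touches it, and the combination yields a "malicious" verdict. In production the events would come from a registry-auditing source such as Sysmon rather than a string literal, but the gating and mapping are the same.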