General
Target
grabbot_0.1.4.0.vir
Size
284KB
Sample
200719-7acx1trdxx
MD5
3c3ebe8014d0c9b63e752267a58f7350
SHA1
390e98beff93c5cdc28664c6f7bc906b9b1d851f
SHA256
2f3709579bd5f0c039eed9e4a849ae46b286cc779cecad78910aaffae51b4278
SHA512
b99064660e8a85e0a247eaac8a8f975849b01437de06e82fefb14d6618af4742da42d29e5cbf006d1c3cc31fafb99c34dcf04dd01aa420dbfa93c76d9a695bcc
Static task
static1
Behavioral task
behavioral1
Sample
grabbot_0.1.4.0.vir.exe
Resource
win7
Behavioral task
behavioral2
Sample
grabbot_0.1.4.0.vir.exe
Resource
win10v200430
Malware Config
Targets
Target
grabbot_0.1.4.0.vir
Score
10/10
Suspicious use of NtCreateProcessExOtherParentProcess
Deletes itself
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext