General
Target: KAAS GROUP CO LLC PROJECT - REQUIREMENTS QUANTITY.xlsx
Size: 727KB
Sample: 200904-jnpjdp4w52
MD5: 8bb4b1de922189a0ead4d3d53f90dee2
SHA1: f9f8e5cce299de26c7c4597466283de3fca99052
SHA256: 3b20874d61fc9dccaf568e149987fa2d6b856b91822237394e778dd4ef989620
SHA512: 7daf835a914b78e5849e1ea82c9ae94df2a6b75e2aebabd6031bfb0b7db577bc4c5f7bc8c7f9f5be5fd37c71d252c643b19f0a167a190ed2be8b6e561677ff98
Static task: static1
Behavioral task: behavioral1
  Sample: KAAS GROUP CO LLC PROJECT - REQUIREMENTS QUANTITY.xlsx
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: KAAS GROUP CO LLC PROJECT - REQUIREMENTS QUANTITY.xlsx
  Resource: win10
Malware Config
Targets
Target: KAAS GROUP CO LLC PROJECT - REQUIREMENTS QUANTITY.xlsx
Modifies firewall policy service
Blacklisted process makes network request
Executes dropped EXE
Sets file execution options in registry
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Loads dropped DLL
Uses the VBS compiler for execution
Adds Run key to start application
Drops desktop.ini file(s)
Suspicious use of NtSetInformationThreadHideFromDebugger