General

Target: CFDI_52154.exe
Size: 577KB
Sample: 200909-pchf2769ya
MD5: eac081e7b44345046ebaa6eb36ceb3af
SHA1: 43396b4f44409794616d160d953ddb608770e68d
SHA256: 89dd8d0c8bfa44ae902f86561e85c7b32beee1e018ea35e761d197dadbfc932b
SHA512: ee1a4db51855b4fa3f4015a590371ddd1894ae172d6b27eeba3d96240d38c381530acf7dca8d8865900d918a967e3701b03fc83db71645ced084c58688b99b88
Static task: static1
Behavioral task: behavioral1
Sample: CFDI_52154.exe
Resource: win7v200722
Malware Config

Targets

Target: CFDI_52154.exe
Size: 577KB

Signatures triggered by the behavioral task:

- Modifies firewall policy service
- Executes dropped EXE
- Sets file execution options in registry
  Image File Execution Options (IFEO) entries under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options can redirect the launch of a named executable through a "Debugger" value, a long-known persistence and defence-evasion technique. The report does not show which executable name was written.
- Checks BIOS information in registry
  BIOS information (HKLM\HARDWARE\DESCRIPTION\System\BIOS) is often read in order to detect sandboxing environments, since the manufacturer and product strings there reveal common hypervisors.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops that thread's debug events from being delivered to an attached debugger, a common anti-debugging trick.
- Suspicious use of SetThreadContext
  Rewriting another thread's context is how process hollowing and thread hijacking redirect execution into injected code; it also has legitimate uses in debuggers, so the signature is a hint, not a verdict. The report does not show which process or thread was targeted.
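The registry-based signatures in the list above (firewall policy, IFEO, BIOS check, Run key) are each a path rule applied to a registry API trace. The following is an added example that re-derives those four signatures from a raw trace; it is not the sandbox's own detection code and not code from this report. The tab-separated trace format, the API name sets and the sample trace are all constructed here as assumptions; a real sandbox emits richer JSON, but only the key path and whether the call reads or writes matter to the rules.

```python
"""Re-derive the report's registry-based signatures from a raw API trace.

Added example for this report page; not the sandbox's own detection code.
The trace format is invented here (assumption): one call per line,
    <pid>TAB<api>TAB<registry key path>TAB<value name>
Only the key path and whether the API reads or writes matter to the rules.
"""
import re
from typing import Dict, List, Optional

# Key paths behind the four registry signatures. Matched case-insensitively on the
# path after the root key, so HKLM\..., HKCU\... and \REGISTRY\MACHINE\... all work.
RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?(\\|$)", re.I)
IFEO = re.compile(r"\\software\\microsoft\\windows nt\\currentversion\\image file execution options(\\|$)", re.I)
FIREWALL_POLICY = re.compile(r"\\system\\(currentcontrolset|controlset\d+)\\services\\sharedaccess\\parameters\\firewallpolicy(\\|$)", re.I)
BIOS_INFO = re.compile(r"\\hardware\\description\\system\\bios(\\|$)", re.I)

# Assumed API names as they would appear in the trace.
WRITE_APIS = {"RegSetValueExA", "RegSetValueExW", "NtSetValueKey",
              "RegCreateKeyExA", "RegCreateKeyExW", "NtCreateKey"}
READ_APIS = {"RegQueryValueExA", "RegQueryValueExW", "NtQueryValueKey",
             "RegOpenKeyExA", "RegOpenKeyExW", "NtOpenKey"}


def classify(api: str, key_path: str) -> Optional[str]:
    """Return the signature name a single registry call triggers, or None.

    Writes are what make the Run/IFEO/firewall rules fire; merely reading those
    keys (an installer enumerating Run entries, say) is not persistence. The BIOS
    rule is the opposite: the read itself is the suspicious act.
    """
    if api in WRITE_APIS:
        if RUN_KEY.search(key_path):
            return "Adds Run key to start application"
        if IFEO.search(key_path):
            return "Sets file execution options in registry"
        if FIREWALL_POLICY.search(key_path):
            return "Modifies firewall policy service"
    elif api in READ_APIS and BIOS_INFO.search(key_path):
        return "Checks BIOS information in registry"
    return None


def triage(trace_lines) -> Dict[str, List[str]]:
    """Group the trace lines that hit a rule by signature name."""
    hits: Dict[str, List[str]] = {}
    for raw in trace_lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 3:
            continue  # malformed line; a real tool would log it
        _pid, api, key_path = fields[0], fields[1], fields[2]
        sig = classify(api, key_path)
        if sig:
            hits.setdefault(sig, []).append(line)
    return hits


# Constructed trace (not captured from the sample): it exercises each rule once
# and includes a read of the Run key, which must not count as persistence.
SAMPLE_TRACE = """\
# pid\tapi\tkey path\tvalue name
1234\tRegOpenKeyExW\tHKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\t
1234\tRegQueryValueExW\tHKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\tSystemManufacturer
1234\tRegQueryValueExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\tUpdater
1234\tRegSetValueExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\tUpdater
1234\tRegSetValueExW\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\taskmgr.exe\tDebugger
1234\tRegSetValueExW\tHKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\tEnableFirewall
"""

if __name__ == "__main__":
    for sig, lines in triage(SAMPLE_TRACE.splitlines()).items():
        print(f"{sig} ({len(lines)} call(s))")
        for line in lines:
            print("    " + line)
```

Running the block on the constructed trace reports all four signatures, with the BIOS rule hit twice (open plus query) and the read of the Run key correctly ignored. The read/write split is the part worth keeping when porting this to real telemetry: Sysmon, for instance, logs registry writes (events 12-14) but not reads, so the BIOS check is only visible in an API-level trace.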