General
Target: CFDI_52154 09-09-2020.zip
Size: 383KB
Sample: 200909-z9stsrdm52
MD5: 7e11d30d04f8065ffb8d42c21d59485d
SHA1: d88ac19da872e0f2dfda49f84841a9d22387648f
SHA256: 1d7309700ea91c64a97f1730d686bd577e0d7048f1155a0e102a16fb350c94b4
SHA512: 9232c73fe3e8d4f2aef7c3e1cfaa30c1cf01fa1ab757cfce8c2b003a9c0ec60eea8531c15bbf5fa07bf2b5f1b2837489f6fced7c57c3d03abca525de149ef598
Static task: static1
Behavioral task: behavioral1
Sample: CFDI_52154.exe
Resource: win7
Malware Config
Targets
Target: CFDI_52154.exe
Size: 577KB
MD5: eac081e7b44345046ebaa6eb36ceb3af
SHA1: 43396b4f44409794616d160d953ddb608770e68d
SHA256: 89dd8d0c8bfa44ae902f86561e85c7b32beee1e018ea35e761d197dadbfc932b
SHA512: ee1a4db51855b4fa3f4015a590371ddd1894ae172d6b27eeba3d96240d38c381530acf7dca8d8865900d918a967e3701b03fc83db71645ced084c58688b99b88
- Modifies firewall policy service
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext