General
Target: 6920841d517abb8ec4d61a6704bf3d5f.exe
Size: 488KB
Sample: 200910-fl5yd6yw1s
MD5: 6920841d517abb8ec4d61a6704bf3d5f
SHA1: 04bf92b46dcd3a98557cd5c63100fe13a35e00a6
SHA256: 4c04ac89e9b1cabb0a4be1a842a10da59868f6abff4d6df443967bf323260ab0
SHA512: 01ce690ebf00f7bfea9290dadb6416d56a9c603e96f7dbbf91caffcfc53eee20ba42588e31303fb65fc5525e80696adaa660efacafc1e31bae82b02deb6ce591
Static task: static1
Behavioral task: behavioral1
Sample: 6920841d517abb8ec4d61a6704bf3d5f.exe
Resource: win7v200722
Malware Config
Targets
- Modifies firewall policy service
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger