General
  Target:  CFDI_Detalles.exe
  Size:    649KB
  Sample:  200924-jv46bl7tyx
  MD5:     25c412970140a1a041d28ad8817d605c
  SHA1:    d7247da0263fe24f2bb3a68703c40579a6eaa1ae
  SHA256:  53533c1e66deaaba84275f5d11465423bf957a5bcc51de05492792128381e7d7
  SHA512:  964110a2a91cccc35eaadc9536c88d319fc1e4ee3f7aed685bcb0a03cdfa1cb00b43a8c19ffe273c1d364af86ffdddfd27a40e42fafd8f5de4fef6a3a5dbeb29
Static task:      static1
Behavioral task:  behavioral1
  Sample:    CFDI_Detalles.exe
  Resource:  win7v200722
Malware Config

Targets
  Target:  CFDI_Detalles.exe
  Size:    649KB
  MD5:     25c412970140a1a041d28ad8817d605c
  SHA1:    d7247da0263fe24f2bb3a68703c40579a6eaa1ae
  SHA256:  53533c1e66deaaba84275f5d11465423bf957a5bcc51de05492792128381e7d7
  SHA512:  964110a2a91cccc35eaadc9536c88d319fc1e4ee3f7aed685bcb0a03cdfa1cb00b43a8c19ffe273c1d364af86ffdddfd27a40e42fafd8f5de4fef6a3a5dbeb29
  - Modifies firewall policy service
  - Executes dropped EXE
  - Sets file execution options in registry
  - Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops desktop.ini file(s)
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext