General
Target: CFDI_Detalles.exe
Size: 636KB
Sample: 201001-6a258nrx9a
MD5: bb3aaa72180128a32fc7912bc39c9c79
SHA1: f5adecb1c24d9e331db5862b44c373fb1e1a0fb4
SHA256: 209d47069b962d8d232dd349c905c43ca1d787575315111409783085b54e2dd0
SHA512: c0b5119eeb968526820a3544f4c766cb8a179c4f78c1efe3b260ded8a296036bd342d1e133fa317639c9d371867612c63b9b62fbbc6ef87194dcc154d2987992
Static task: static1
Behavioral task: behavioral1
Sample: CFDI_Detalles.exe
Resource: win7v200722
Malware Config

Targets
Target: CFDI_Detalles.exe
Size: 636KB
MD5: bb3aaa72180128a32fc7912bc39c9c79
SHA1: f5adecb1c24d9e331db5862b44c373fb1e1a0fb4
SHA256: 209d47069b962d8d232dd349c905c43ca1d787575315111409783085b54e2dd0
SHA512: c0b5119eeb968526820a3544f4c766cb8a179c4f78c1efe3b260ded8a296036bd342d1e133fa317639c9d371867612c63b9b62fbbc6ef87194dcc154d2987992
Signatures
- Modifies firewall policy service
- Modifies security service
- Disables taskbar notifications via registry modification
- Disables use of System Restore points
- Executes dropped EXE
- Sets file execution options in registry
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
- Modifies service
- Suspicious use of NtSetInformationThreadHideFromDebugger