General
Target: file.exe
Size: 308KB
Sample: 201008-vxzzhb13q6
MD5: 0d60363ed96a464ff943f7a5f8f4f1a9
SHA1: bf4e27ea98da9d4ee85f248e8c19e892dbcd964b
SHA256: a606cc038ea51f1a3093199c2faaa5181ea983e7da03ad72287d4ff968c9c766
SHA512: 55ae2bbb7a95f0675783a3b39ee46f5a5a5f4464482f3edda091b77617334f4177c78e8af181f3d4f6b52cc6badfd514e754fb2c0ab06a502754c1a7d453d130
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7
Malware Config
Targets
Target: file.exe
- Modifies firewall policy service
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger