General
- Target: Completed Finance Application and Required Documents.DOC.exe
- Size: 299KB
- Sample: 201013-cen5x84vte
- MD5: 9e6a523473b8b248169a7c012df77e71
- SHA1: 077d03bbe5c57015103583eb9a6dd3afbc8e45a9
- SHA256: aef47ea6290bbdfa6ca5994e556ba1d3a09200a525ab0aa11eb9fca8f324dfdf
- SHA512: 3772fd8794801af0851c56bdbd3c6174aec3cd719e0a4bd2957bc38f4baaec80e8fee55e654856eed8c5962d8f4f66b01e380ae57bd8b801fabbe69a352610c6
Static task: static1
Behavioral task: behavioral1
- Sample: Completed Finance Application and Required Documents.DOC.exe
- Resource: win7
Malware Config
Targets
- Target: Completed Finance Application and Required Documents.DOC.exe
- Modifies firewall policy service
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger