General
- Target: New Puchase Order From BudGroup Ltd .PDF.exe
- Size: 368KB
- Sample: 201020-crqr97ke7j
- MD5: e799bf5a0f3c24b196728122e60eb40d
- SHA1: 8284d15cdc0a85a9dcbbefbfca71268d980e5011
- SHA256: db0c6ef1d64a1486fe241aa0c3bfdab01d0bac9da64da4ba974df3b57c91bb8f
- SHA512: 5466db3b91385697b8439cf74dcef3d3a1c40226c591a78fd984cc02255968ad90acd46d441fd645a1d07afb0534e81ee55f74752fe39649d0a61c0d11fe0a59
Static task
- static1
Behavioral task
- behavioral1
  - Sample: New Puchase Order From BudGroup Ltd .PDF.exe
  - Resource: win7
Malware Config
Targets
- Target: New Puchase Order From BudGroup Ltd .PDF.exe
- Modifies firewall policy service
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger