General
Target: Autocarriers Overdue invoice.DOC.exe
Size: 368KB
Sample: 201020-qr1bm5f9lj
MD5: 17ef122a938c2b1037623d089129fd7a
SHA1: 8557619a89b8624f89ea116799a4374188312b00
SHA256: e5ac252a63c887a842ad2f14e60353f4dc4a7b976ad5adb20888c5b2f0bae151
SHA512: cbdb96661ca5d5393f0574c63f1c754a270afe85ff3be5ffa3ebe8069d963b3da7d54ac7983ea77b5b861037e3d152d0a927580b3d02176472e10ee4fb116233
Static task: static1
Behavioral task: behavioral1
  Sample: Autocarriers Overdue invoice.DOC.exe
  Resource: win7v200722
Malware Config
Targets
Target: Autocarriers Overdue invoice.DOC.exe
Size: 368KB
MD5: 17ef122a938c2b1037623d089129fd7a
SHA1: 8557619a89b8624f89ea116799a4374188312b00
SHA256: e5ac252a63c887a842ad2f14e60353f4dc4a7b976ad5adb20888c5b2f0bae151
SHA512: cbdb96661ca5d5393f0574c63f1c754a270afe85ff3be5ffa3ebe8069d963b3da7d54ac7983ea77b5b861037e3d152d0a927580b3d02176472e10ee4fb116233
Signatures
- Modifies firewall policy service
- Sets file execution options in registry
  Image File Execution Options entries (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<exe>) can redirect or block the launch of a named program; malware uses them for persistence or to neutralise security tools.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  A value under HKCU or HKLM\Software\Microsoft\Windows\CurrentVersion\Run relaunches the program at each logon.
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from reporting debug events to an attached debugger, a common anti-debugging technique.
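Added triage example, not part of the sandbox report and not code from the sample: a PowerShell script that checks a Windows host for the artifact classes the signatures above describe. The registry locations are the standard ones for each mechanism; the value names the sample actually wrote are not on this page, so the script enumerates whole keys instead of looking for specific values. The scope of the "modifies firewall policy service" signature is not stated on the page either, so the script assumes it covers the SharedAccess FirewallPolicy key and the firewall services. The VM marker list is an assumption as well.

```powershell
# Added host-triage example (not from the sandbox report). Run elevated so HKLM
# and the firewall policy key are readable.
$SampleSha256 = 'e5ac252a63c887a842ad2f14e60353f4dc4a7b976ad5adb20888c5b2f0bae151'

# 1. BIOS strings a sandbox-aware sample reads. Checking them on the host shows
#    whether this machine looks like an analysis VM to such a sample.
$biosKey   = 'HKLM:\HARDWARE\DESCRIPTION\System'
$bios      = Get-ItemProperty -Path $biosKey -ErrorAction SilentlyContinue
$vmMarkers = 'VBOX','VIRTUALBOX','VMWARE','QEMU','BOCHS','XEN','HYPER-V','PARALLELS'  # assumed list
foreach ($name in 'SystemBiosVersion','VideoBiosVersion','SystemBiosDate') {
    $value = ($bios.$name | Out-String).Trim()          # REG_MULTI_SZ values are arrays
    $hit   = $vmMarkers | Where-Object { $value.ToUpper() -like "*$_*" }
    $flag  = if ($hit) { "<- VM marker: $($hit -join ',')" } else { '' }
    Write-Output ("BIOS  {0,-18} {1}  {2}" -f $name, $value, $flag)
}

# 2. Image File Execution Options: a Debugger value under a per-executable
#    subkey redirects every launch of that program.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { Write-Output "IFEO  $($_.PSChildName) -> Debugger = $dbg" }
}

# 3. Run/RunOnce keys: list every autostart value, hash the file it points to
#    and compare with the report's SHA256 to catch a renamed copy of the sample.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }            # skip PowerShell's own metadata properties
        $cmd = [string]$p.Value
        # Executable path: a quoted path, or the first token up to a space.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $line = "RUN   $key\$($p.Name) = $cmd"
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $h = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
            if ($h -eq $SampleSha256) { $line += '  <- MATCHES REPORT SHA256' }
        }
        Write-Output $line
    }
}

# 4. Firewall policy (assumed scope of the signature): per-profile enable flag
#    plus the state of the firewall services, so a disabled profile or a
#    stopped service stands out.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'DomainProfile','StandardProfile','PublicProfile') {
    $p = Get-ItemProperty -Path "$fwKey\$profile" -ErrorAction SilentlyContinue
    if ($p) { Write-Output ("FW    {0,-15} EnableFirewall = {1}" -f $profile, $p.EnableFirewall) }
}
Get-Service -Name MpsSvc, SharedAccess -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Output ("SVC   {0,-12} {1} / {2}" -f $_.Name, $_.Status, $_.StartType) }
```

The Run-key hash comparison is the part most directly tied to this report: a dropped copy of the sample under a new name still matches the SHA256 listed above, whereas a repacked or modified copy would not, so an empty result does not clear the host on its own.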