General
- Target: 6ca72b7d95f2194e902cac169cabc9dff55335046f5edabe3d6b6bb3d9a22bee
- Size: 710KB
- Sample: 201105-v9cy9d4fpe
- MD5: 3e01b25d00cf3a9d93e4d4934fbeb8d1
- SHA1: db596e58d89f5cbb2ac89c38f8a03a7b09aa90fa
- SHA256: 6ca72b7d95f2194e902cac169cabc9dff55335046f5edabe3d6b6bb3d9a22bee
- SHA512: bcb72c63699f1353bd5d3e9a2e8a8e1ce85174d481a88821d99f8be5ffa59f4ff4ba3ef7a24725b3e09807ded257f39e6a5e7b3d17b6d975f76d33661292c672

Static task: static1

Behavioral task: behavioral1
- Sample: 6ca72b7d95f2194e902cac169cabc9dff55335046f5edabe3d6b6bb3d9a22bee.exe
- Resource: win7v20201028

Malware Config

Targets
- Target: 6ca72b7d95f2194e902cac169cabc9dff55335046f5edabe3d6b6bb3d9a22bee
- Size: 710KB
- MD5: 3e01b25d00cf3a9d93e4d4934fbeb8d1
- SHA1: db596e58d89f5cbb2ac89c38f8a03a7b09aa90fa
- SHA256: 6ca72b7d95f2194e902cac169cabc9dff55335046f5edabe3d6b6bb3d9a22bee
- SHA512: bcb72c63699f1353bd5d3e9a2e8a8e1ce85174d481a88821d99f8be5ffa59f4ff4ba3ef7a24725b3e09807ded257f39e6a5e7b3d17b6d975f76d33661292c672

- Modifies firewall policy service
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext