General

Target: Factura__pdf__69829.exe
Size: 749KB
Sample: 201113-ng5aynb81e
MD5: a09b11ac0a5932ab7bea125d1e83ce96
SHA1: 147918bd893d12180931e1a622866e8e42252f1b
SHA256: 157f0b21d5dcfc4e06c98545a986f2e41168f39a8d41c7f301ee4a047d55006f
SHA512: b8e30534d0aa6814b0f714cfebb3b506562f1dd4a501c75d3b6e5b082cb8fff6d4e9a0df44588c67d362c7d4ff2a22eef0f113b744ffe502b995d2f3ad255141
Static task: static1
Behavioral task: behavioral1
Sample: Factura__pdf__69829.exe
Resource: win7v20201028
Malware Config

Targets

Target: Factura__pdf__69829.exe
Size: 749KB
MD5: a09b11ac0a5932ab7bea125d1e83ce96
SHA1: 147918bd893d12180931e1a622866e8e42252f1b
SHA256: 157f0b21d5dcfc4e06c98545a986f2e41168f39a8d41c7f301ee4a047d55006f
SHA512: b8e30534d0aa6814b0f714cfebb3b506562f1dd4a501c75d3b6e5b082cb8fff6d4e9a0df44588c67d362c7d4ff2a22eef0f113b744ffe502b995d2f3ad255141
Signatures

- Modifies firewall policy service
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext