General
-
Target
01_file.exe
-
Size
61KB
-
Sample
201117-e8lwszn5p2
-
MD5
09f44613721448e9a45692a2f9bab7f7
-
SHA1
8f62c0683a552fef59136a7b7ae2a1f41e4d43cd
-
SHA256
92c0d7be74bd55ea431d9f144b0938834c74764e87c39e8bcd640e05458c4adf
-
SHA512
611a0943c9112c0928d10037797d0e55acb51887c19a48fcf8982cd0aaed84e8cf35659cb22c1a9aef98b8ff9347e7c84d6894a5eda543be70c3fefcb9a704b2
Static task
static1
Behavioral task
behavioral1
Sample
01_file.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
01_file.exe
-
Size
61KB
-
MD5
09f44613721448e9a45692a2f9bab7f7
-
SHA1
8f62c0683a552fef59136a7b7ae2a1f41e4d43cd
-
SHA256
92c0d7be74bd55ea431d9f144b0938834c74764e87c39e8bcd640e05458c4adf
-
SHA512
611a0943c9112c0928d10037797d0e55acb51887c19a48fcf8982cd0aaed84e8cf35659cb22c1a9aef98b8ff9347e7c84d6894a5eda543be70c3fefcb9a704b2
-
Modifies WinLogon for persistence
-
NetWire RAT payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-