General
Target: 984ebe40c1ff8949b2e986bacd2b899a.exe
Size: 921KB
Sample: 201213-6nmpdq14pe
MD5: 984ebe40c1ff8949b2e986bacd2b899a
SHA1: 5e1af59384fcaa30eb0185034fe21209cecb05df
SHA256: 17a31e5e4c46ce8f7c0e242a5e90c8d6cef5db6d77b696b93af45b1b22a87d81
SHA512: d3893e713ba6e2f1e29ec40b6df50eb26f2027c58485cad8f87dc5631e08486adbef51c8f8d614e0fef8977545472db9a0adba3ec21d5a9422e61691254826e6
Static task: static1
Behavioral task: behavioral1
Sample: 984ebe40c1ff8949b2e986bacd2b899a.exe
Resource: win7v20201028
Malware Config
Targets
NetWire RAT payload
Looks for VirtualBox Guest Additions in registry
Looks for VMWare Tools registry key
Modifies Installed Components in the registry
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Adds Run key to start application
Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext