General

Target: Import and Export Regulation.xlsx
Size: 2.3MB
Sample: 201213-ar5ymtqjl2
MD5: b42c2fed481f5ec6f99f678d1f6f036f
SHA1: c91e029f1e0304e0b1439085fae57609d7e1962d
SHA256: c0b84d4a7affdc167863953ad494d02550d020a6efb083a1375d86a1b3b76edc
SHA512: cded7c450a0a6ac0fdad1b88306451ec29fd3319f4c1fa9d48d7274c20a49eb8bf793451bfdf75451882b83c3c54705cbe74563e0182ceee7a42576421322464

Static task: static1
Behavioral task: behavioral1 (sample: Import and Export Regulation.xlsx, resource: win7v20201028)
Behavioral task: behavioral2 (sample: Import and Export Regulation.xlsx, resource: win10v20201028)

Malware Config

(No extracted configuration is shown in this report.)

Targets

Target: Import and Export Regulation.xlsx (the same file as under General; its size and hashes are listed there)

Signatures

- NetWire RAT payload
- Looks for VirtualBox Guest Additions in registry
- Blocklisted process makes network request
- Executes dropped EXE
- Looks for VMWare Tools registry key
- Modifies Installed Components in the registry
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments)
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Maps connected drives based on registry (disk information is often read in order to detect sandboxing environments)
- Suspicious use of SetThreadContext
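The signatures above are behavioral rules evaluated over the sandbox's event trace: registry reads of VM and BIOS locations are flagged as sandbox evasion, a process starting or loading a file that the sample itself wrote earlier is flagged as a dropped payload, and a network connection from a process that has no business making one is flagged against a blocklist. The following Python matcher is an added illustration of that logic and is not the sandbox's own rule engine or any code from this report. The event format, the sample events, the registry paths (well-known locations these signature names are built around), the reading of "VBS compiler" as vbc.exe, and the process blocklist are all assumptions chosen to mirror the signature names listed above; none of them is data taken from this sample.

```python
"""Toy behavioral-signature matcher (added illustration, not the sandbox's
own rule engine). The event format, the registry paths (well-known
locations) and the process blocklist are assumptions, not report data."""
import re

# Constructed event log standing in for a sandbox trace; nothing here is
# taken from the report. Each event is one observed action by one process.
SAMPLE_EVENTS = [
    {"type": "regquery", "proc": "excel.exe",
     "path": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"type": "regquery", "proc": "excel.exe",
     "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions"},
    {"type": "regquery", "proc": "excel.exe",
     "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools"},
    {"type": "regquery", "proc": "excel.exe",
     "path": r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum\0"},
    {"type": "filewrite", "proc": "excel.exe",
     "path": r"C:\Users\Admin\AppData\Roaming\loader.exe"},
    {"type": "filewrite", "proc": "excel.exe",
     "path": r"C:\Users\Admin\AppData\Roaming\helper.dll"},
    {"type": "procstart", "proc": "excel.exe",
     "path": r"C:\Users\Admin\AppData\Roaming\loader.exe"},
    {"type": "loadlib", "proc": "loader.exe",
     "path": r"C:\Users\Admin\AppData\Roaming\HELPER.DLL"},
    {"type": "procstart", "proc": "loader.exe",
     "path": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"type": "api", "proc": "loader.exe", "api": "SetThreadContext"},
    {"type": "regset", "proc": "vbc.exe",
     "path": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Host"},
    {"type": "regset", "proc": "vbc.exe",
     "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2}\StubPath"},
    {"type": "netconnect", "proc": "vbc.exe", "dst": "192.0.2.10:443"},
]

# Stateless rules: (signature, event type, case-insensitive regex over the
# event's path / API name / destination). Paths are assumed well-known locations.
RULES = [
    ("Checks BIOS information in registry", "regquery",
     r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion)$"),
    ("Looks for VirtualBox Guest Additions in registry", "regquery",
     r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions"),
    ("Looks for VMWare Tools registry key", "regquery",
     r"\\SOFTWARE\\VMware, Inc\.\\VMware Tools"),
    ("Maps connected drives based on registry", "regquery",
     r"\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum"),
    ("Adds Run key to start application", "regset",
     r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$"),
    ("Modifies Installed Components in the registry", "regset",
     r"\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\"),
    ("Uses the VBS compiler for execution", "procstart", r"\\vbc\.exe$"),  # assumed: vbc.exe
    ("Suspicious use of SetThreadContext", "api", r"^SetThreadContext$"),
]
# Processes that should not open network connections on their own (assumption).
BLOCKLISTED_PROCESSES = {"vbc.exe", "regsvcs.exe", "regasm.exe"}

TACTIC = {
    "sandbox evasion": {"Checks BIOS information in registry",
                        "Looks for VirtualBox Guest Additions in registry",
                        "Looks for VMWare Tools registry key",
                        "Maps connected drives based on registry"},
    "persistence": {"Adds Run key to start application",
                    "Modifies Installed Components in the registry"},
    "execution / injection": {"Uses the VBS compiler for execution",
                              "Suspicious use of SetThreadContext",
                              "Executes dropped EXE", "Loads dropped DLL"},
    "command and control": {"Blocklisted process makes network request"},
}


def _subject(event):
    return event.get("path") or event.get("api") or event.get("dst") or ""


def match_signatures(events):
    """Return {signature: [matching event indices]}, keys in first-hit order."""
    hits, dropped = {}, set()
    for i, ev in enumerate(events):
        subject = _subject(ev)
        for name, etype, pattern in RULES:
            if ev["type"] == etype and re.search(pattern, subject, re.IGNORECASE):
                hits.setdefault(name, []).append(i)
        # Stateful rules: "dropped" means written earlier in this same trace;
        # paths compare case-insensitively, as NTFS does.
        if ev["type"] == "filewrite":
            dropped.add(subject.lower())
        elif ev["type"] == "procstart" and subject.lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append(i)
        elif ev["type"] == "loadlib" and subject.lower() in dropped:
            hits.setdefault("Loads dropped DLL", []).append(i)
        elif ev["type"] == "netconnect" and ev["proc"].lower() in BLOCKLISTED_PROCESSES:
            hits.setdefault("Blocklisted process makes network request", []).append(i)
    return hits


def group_by_tactic(hits):
    """Bucket matched signature names by the tactic table above."""
    grouped = {}
    for name in hits:
        tactic = next((t for t, names in TACTIC.items() if name in names), "other")
        grouped.setdefault(tactic, []).append(name)
    return grouped


if __name__ == "__main__":
    found = match_signatures(SAMPLE_EVENTS)
    for tactic, names in group_by_tactic(found).items():
        print(f"[{tactic}]")
        for name in names:
            print(f"  {name}  (events {found[name]})")
```

Run over the constructed trace, the matcher reproduces the eleven behavioral signatures listed above (the "NetWire RAT payload" line is a family identification, which comes from payload or config matching rather than from behavior and is not modelled here). The two stateful rules are the part worth noting: "dropped" is defined relative to the trace itself, so a library loaded from a path the sample never wrote does not count, and the blocklist fires only on the process that actually opened the connection, not on its parent.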