General
Target: 0f70263fe10dd4f80b8f55d7ee4c75c6.exe
Size: 878KB
Sample: 201213-t7f6rcdw62
MD5: 0f70263fe10dd4f80b8f55d7ee4c75c6
SHA1: 01774685daf3b29f6ca167fc685df442ffcfcef3
SHA256: d448e98a5a460af5fe86ca742ec12b77bfd051db847cff94c4e60189379548ae
SHA512: 2c3f050e4a08340b12948dd30886c7fa60f2dc60281cfc408cb84928de8d474f156ee6bf4bf8a6264e82ce1e3d30195fc30845edff349eaf24b486f840923f10
Static task: static1
Behavioral task: behavioral1
Sample: 0f70263fe10dd4f80b8f55d7ee4c75c6.exe
Resource: win7v20201028
Malware Config
Targets
Target: 0f70263fe10dd4f80b8f55d7ee4c75c6.exe
- NetWire RAT payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Modifies Installed Components in the registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext