General
Target: Factura__pdf__10281.exe
Size: 753KB
Sample: 201214-btqgtbfee2
MD5: b645095ae08ac1c280312d614831bf9d
SHA1: daa6995076e713b6b608f3d2d3bf83cf63564884
SHA256: a4a71dffc22c8c69f530b70613fc5d2d4edad6d8c61acc66aa3f5735ea7e3dee
SHA512: 9efb040c9da66d375416ab7862f7ad046e17fe529cc13997f04f5aac3cbb45a568978e31f65df7f8cc7b90548e6b44c73323edb2c11b3616882e8da282017032

Static task: static1
Behavioral task: behavioral1
Sample: Factura__pdf__10281.exe
Resource: win7v20201028

Malware Config
Targets
Target: Factura__pdf__10281.exe
- Modifies firewall policy service
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext