General
Target
bafc60c6400d1952143edd3ca50ee960
Size
14.2MB
Sample
201214-gfvtb8p222
MD5
bafc60c6400d1952143edd3ca50ee960
SHA1
29e68429e3b2e5c80e8657f27cbd12873e17ce10
SHA256
53240ff0a9160c77159782458342eb971f6b6b0a8a94733f878a6fe90c1661c9
SHA512
047e8852afd1f3f6520c45a4cda89fab06d3c5f6436886b224a269d224844d4f473a739cf22b5a0a2f0008c2ef64aa46fd60347519a452ff5c83615e225a4c20
Static task
static1
Behavioral task
behavioral1
Sample
bafc60c6400d1952143edd3ca50ee960.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
bafc60c6400d1952143edd3ca50ee960.exe
Resource
win10v20201028
Malware Config
Targets
Target
bafc60c6400d1952143edd3ca50ee960
Score
10/10
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Deletes itself
Drops file in System32 directory
Suspicious use of SetThreadContext