General
Target: 94fff127753ed1d704c781b5c391f5e62f4a907b67f7e1d51c3c84addd5851ab
Size: 197KB
Sample: 210131-r4ntybl15j
MD5: 039ce25d495fa555ae1c210592b564d0
SHA1: 6684d0ffde174052a03931981262dc0a7cb9891c
SHA256: 94fff127753ed1d704c781b5c391f5e62f4a907b67f7e1d51c3c84addd5851ab
SHA512: c2be8d6b80e57339957f370b4ac31bd03140f9a9ed4865926eb6d7e5a69d3510b046930c1933d38629b4c3bcae007b6cf5e6140463ab6e064820cdd91bbd46bb
Static task: static1
Behavioral task: behavioral1
  Sample: 94fff127753ed1d704c781b5c391f5e62f4a907b67f7e1d51c3c84addd5851ab.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 94fff127753ed1d704c781b5c391f5e62f4a907b67f7e1d51c3c84addd5851ab.exe
  Resource: win10v20201028
Malware Config
Targets
Target: 94fff127753ed1d704c781b5c391f5e62f4a907b67f7e1d51c3c84addd5851ab
Size: 197KB
MD5: 039ce25d495fa555ae1c210592b564d0
SHA1: 6684d0ffde174052a03931981262dc0a7cb9891c
SHA256: 94fff127753ed1d704c781b5c391f5e62f4a907b67f7e1d51c3c84addd5851ab
SHA512: c2be8d6b80e57339957f370b4ac31bd03140f9a9ed4865926eb6d7e5a69d3510b046930c1933d38629b4c3bcae007b6cf5e6140463ab6e064820cdd91bbd46bb
Score: 8/10
Signatures:
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext