General
- Target: e0a124e431d01bf7b194ad5a2f8c0435471c0e1b062e165c3db211186a1ea901.zip
- Size: 562KB
- Sample: 210215-rbd8jp8by2
- MD5: 3df357517581e10e783e463ba15cd99b
- SHA1: 68114772bcdfcc01b5f3272c7188658f3a5da32d
- SHA256: ccab681baa683fa5d1bc2c11f786b67800eca96442ace9372c8dd5d31b5366e2
- SHA512: b15cce78b00c47c48b47ebe131affa4a794e1cee2bf7850afdc304a3c57fd18c9897a502dee545160ecd8c78f0392047158785fe8b82d5ea35d7cafe7e807f49
Static task: static1
Behavioral task: behavioral1
- Sample: e0a124e431d01bf7b194ad5a2f8c0435471c0e1b062e165c3db211186a1ea901.exe
- Resource: win10v20201028
Behavioral task: behavioral2
- Sample: e0a124e431d01bf7b194ad5a2f8c0435471c0e1b062e165c3db211186a1ea901.exe
- Resource: win10v20201028
Behavioral task: behavioral3
- Sample: e0a124e431d01bf7b194ad5a2f8c0435471c0e1b062e165c3db211186a1ea901.exe
- Resource: win7v20201028
Behavioral task: behavioral4
- Sample: e0a124e431d01bf7b194ad5a2f8c0435471c0e1b062e165c3db211186a1ea901.exe
- Resource: win10v20201028
Malware Config
Targets
- Target: e0a124e431d01bf7b194ad5a2f8c0435471c0e1b062e165c3db211186a1ea901
- Size: 698KB
- MD5: f3e344b63fd98041b0551c0a329e85fb
- SHA1: ac086b6e0b21648088c8d098c68adfab38927e61
- SHA256: e0a124e431d01bf7b194ad5a2f8c0435471c0e1b062e165c3db211186a1ea901
- SHA512: 7ead065043f00dee8654f10c358448c9521a2825036cf4c09fbc9f334c9d3815f1cbaae722757968d1347f394da58fbd8aa35ac87c221079cdf0a765af0dfc5a
- Modifies firewall policy service
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext