General
- Target: 6A1B1BD71C348B1701B67555A2AC314D.exe
- Size: 829KB
- Sample: 210322-hw49dwq9ha
- MD5: 6a1b1bd71c348b1701b67555a2ac314d
- SHA1: cb6241cc299e72b22035b3a2d15063e93622c409
- SHA256: 4241044fce8bace299a5a348c736970be1c89ecaf3aa0f28533486c915b8e1c1
- SHA512: 315cdc82eeb209c2b5f60b1c1b9b8827f9a8be81db633f832735347f5828d149d0559cd69be2891df333bd2b605dcc7c912d5772b0476b4e2250bcb92ed99022
Static task: static1
Behavioral task: behavioral1
- Sample: 6A1B1BD71C348B1701B67555A2AC314D.exe
- Resource: win7v20201028
Malware Config
Targets
- Target: 6A1B1BD71C348B1701B67555A2AC314D.exe
- Size: 829KB
- MD5: 6a1b1bd71c348b1701b67555a2ac314d
- SHA1: cb6241cc299e72b22035b3a2d15063e93622c409
- SHA256: 4241044fce8bace299a5a348c736970be1c89ecaf3aa0f28533486c915b8e1c1
- SHA512: 315cdc82eeb209c2b5f60b1c1b9b8827f9a8be81db633f832735347f5828d149d0559cd69be2891df333bd2b605dcc7c912d5772b0476b4e2250bcb92ed99022
- Modifies firewall policy service
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext