General
Target: e-Fax_Message_329800021831.zip
Size: 15KB
Sample: 210420-mf87qx7qbs
MD5: 3a8e22a65673cd0a2a7f5157c2c465bb
SHA1: ebce4991512249f3a1fcd5146243228632ae538f
SHA256: 58f7b1dd28c24592a5cd71b47ac954378fe00b2c629c37361a27b7cfa04448e6
SHA512: 769365f8496b8a29e09e6bd37a2d91c8ad75ffce1445026df69731de296a70dc662d497a0063c8532c2dab5390826c259284d773433e52894ba592e202b8df9b
Static task: static1
Behavioral task: behavioral1
Sample: VM_eFax Message_329800021831.exe
Resource: win7v20210410
Malware Config
Targets
Target: VM_eFax Message_329800021831.exe
Size: 32KB
MD5: ab4ea70d405371be8567723592d12074
SHA1: 1d7c6d8480fe324e39565c183f821090b62e78c8
SHA256: c32ca87d5274abfdcd6447a5e5a8b8f94c347b6dbdef7794481687560f4897f9
SHA512: 2106fdd5a800dc1e0f3052751dd81751dbaedc4504cd36ee24d724cf66e61b90f43fcf7a18809d7577f64ed6b03e5b4ed2c46a9150cffc9d976c13ebd32ba38f
Score: 10/10
- Looks for VirtualBox Guest Additions in registry
- Nirsoft
- Executes dropped EXE
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
MITRE ATT&CK Matrix (ATT&CK v6)
Defense Evasion
- Bypass User Account Control: 1
- Disabling Security Tools: 3
- Modify Registry: 6
- Virtualization/Sandbox Evasion: 2
- Install Root Certificate: 1