General
Target: Payment Invoice.zip
Size: 34KB
Sample: 210422-nz9g9p61sx
MD5: 4f59ccb966627307b7e168ca3b486322
SHA1: 192c5edde28b1f71c81a3b814e8e30fed4c2f9e3
SHA256: d5392855df1f46cc31ba3512a328755d79686e12a00473b98a92a8f9bcfa92f2
SHA512: 47cf169694b03c65940adf0b914ef28b9d5351e4838f28c239d2caecbcc314d10b83378f1d2440f467014f0a9f6719652c039c419924d030b3551107b1823d53
Static task: static1
Behavioral task: behavioral1
Sample: Payment Invoice.exe
Resource: win7v20210410
Malware Config
Targets
Target: Payment Invoice.exe
Size: 190KB
MD5: c29266acdb146b5613dace7500cee027
SHA1: 5105e8f7305f83ce42a6e1d011d5af66ba999785
SHA256: 02042719ff8305de64b849f0f3047fff0564b6d0330fab017f0c00c7a294373e
SHA512: 330c29938ed4933007297edf03fcafd297bef09030fdac745b0e1dc6b0148abad77618615f3d53cf258b5f6c2781a310765d81b4cc55a07fabb45443cf26f388
- Turns off Windows Defender SpyNet reporting
- Nirsoft
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext