General
Target: FRIEGHT PAYMENT 41,634.20 USD..exe
Size: 650KB
Sample: 210430-54g7a8azzj
MD5: 81c4bae78cce64b29f116bad10c3076a
SHA1: cadca89c62746fd87c4aeb5e81c01bc134fd546f
SHA256: 2782cd8a1b4f5152d56ae47c4af233a6d4ecb08f7fb23918467fbe5019c8a44d
SHA512: f2e38ad8ad4bd91ac472868101b04493d78bde3ee59d42d152276873879619a9a88dbd97b1149129d25ebf9f2a38109dd7308b703122759f713eccda0c8e1ab9
Static task: static1
Behavioral task: behavioral1
Sample: FRIEGHT PAYMENT 41,634.20 USD..exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: FRIEGHT PAYMENT 41,634.20 USD..exe
Resource: win10v20210410
Malware Config
Targets
Target: FRIEGHT PAYMENT 41,634.20 USD..exe
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext