General
-
Target
Fads_Gercekler.exe
-
Size
2.0MB
-
Sample
210504-s3fd7d2h1s
-
MD5
e0fcc6006b8db87d96c047775ca5c598
-
SHA1
9429e298482ea5d8f2802353a4b97544e7bc0949
-
SHA256
7b187ffdf087fa28e04f239ba10f031bcc73518f4126e75ead32145ad83f51fd
-
SHA512
20651b60b623daddda4d2b5a2f33971121d85a0c0e57357d65c29a00b931003ed72f1a669d3671d2088cb689bc69ac243dcf47ab906d11206c90d549f01a2ee0
Static task
static1
Behavioral task
behavioral1
Sample
Fads_Gercekler.exe
Resource
win7v20210408
Malware Config
Targets
-
-
Target
Fads_Gercekler.exe
-
Size
2.0MB
-
MD5
e0fcc6006b8db87d96c047775ca5c598
-
SHA1
9429e298482ea5d8f2802353a4b97544e7bc0949
-
SHA256
7b187ffdf087fa28e04f239ba10f031bcc73518f4126e75ead32145ad83f51fd
-
SHA512
20651b60b623daddda4d2b5a2f33971121d85a0c0e57357d65c29a00b931003ed72f1a669d3671d2088cb689bc69ac243dcf47ab906d11206c90d549f01a2ee0
-
Turns off Windows Defender SpyNet reporting
-
Looks for VirtualBox Guest Additions in registry
-
Nirsoft
-
Executes dropped EXE
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-