General
Target: 2e09bd5656c7d02caf8ebad3663412abbf24570f91c5884156ba57d428a61df6
Size: 1.4MB
Sample: 210516-crvljn76vs
MD5: 07a4de5e099cd55e79a6d78c19776a14
SHA1: df22642227a1dd4f4f158ee793a88581797dfaab
SHA256: 2e09bd5656c7d02caf8ebad3663412abbf24570f91c5884156ba57d428a61df6
SHA512: 2734c721f66126f1fdd5979c8ae6ccbaadd938e17b0f4efabf8448f2863ce500fa1470e14352c10ca6f5c5e445f0c65e00225ad285ca36dc5c4982e88acea1de
Static task: static1
Behavioral task: behavioral1
  Sample: 2e09bd5656c7d02caf8ebad3663412abbf24570f91c5884156ba57d428a61df6.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 2e09bd5656c7d02caf8ebad3663412abbf24570f91c5884156ba57d428a61df6.exe
  Resource: win10v20210410
Malware Config
Targets
Target: 2e09bd5656c7d02caf8ebad3663412abbf24570f91c5884156ba57d428a61df6
Size: 1.4MB
MD5: 07a4de5e099cd55e79a6d78c19776a14
SHA1: df22642227a1dd4f4f158ee793a88581797dfaab
SHA256: 2e09bd5656c7d02caf8ebad3663412abbf24570f91c5884156ba57d428a61df6
SHA512: 2734c721f66126f1fdd5979c8ae6ccbaadd938e17b0f4efabf8448f2863ce500fa1470e14352c10ca6f5c5e445f0c65e00225ad285ca36dc5c4982e88acea1de
Score: 10/10
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Executes dropped EXE
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Checks computer location settings (Looks up the country code configured in the registry, likely a geofence.)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext