General
Target: b536b2e629251420a9cd824acd7e955540258c78ae7a14b10a787caee251dd40
Size: 523KB
Sample: 210727-tlka6chyyj
MD5: ff050a24b54251f10bbe17f6890856d7
SHA1: 31edaa2a4f2774f172ec9fd928e2e5277cfeaa04
SHA256: b536b2e629251420a9cd824acd7e955540258c78ae7a14b10a787caee251dd40
SHA512: ebf331b397b4eb643b8aad509b433d41e37dc31f3b4050eddc5c4b003b65b2c04538a280c6fee3d227bed13007aac23b88265fdbb6b8f348b044dc09d41d1e3f
Static task
static1
Malware Config
Targets
-
NetWire RAT payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-