General
- Target: 6239857127096320.zip
- Size: 324KB
- Sample: 210802-w54ry2f37e
- MD5: 1ffc158314d8a085d32a53b29aa9c9c8
- SHA1: e32c02233fcbd4bd48976d1ca29175082c377443
- SHA256: 4e8d0c07c952e2c0ab161c2b1f5d4957019eb783578ddc95515497b391522134
- SHA512: 0d67580fcfb69d61a5430554d74bcfafa4c861bbb4567a9244224b73d1e5578163385a6ad54faaa43d8353bed69b7795532ee56e387118f117c3d1cfb512358a
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 665fd96b85ea042425196dee4acf9d3c0dcea573bca9e6ffa05924b59281c5d5.exe
  - Resource: win7v20210410
Behavioral task
- behavioral2
  - Sample: 665fd96b85ea042425196dee4acf9d3c0dcea573bca9e6ffa05924b59281c5d5.exe
  - Resource: win10v20210410
Malware Config
Targets
- Target: 665fd96b85ea042425196dee4acf9d3c0dcea573bca9e6ffa05924b59281c5d5
- Size: 363KB
- MD5: c4ffcc4b39b9606729ebebadd9fab876
- SHA1: d2e3847753aa950742a10f94cc30de34415912a6
- SHA256: 665fd96b85ea042425196dee4acf9d3c0dcea573bca9e6ffa05924b59281c5d5
- SHA512: 7d81d82fc04ec4bba1048846379ff1d5a6501ace684945537c3b989a7124c94234e6317e57fc42c67fc1f2373f9e2a5ac45a50d8f0bbe39400f7175a151a5956
- Modifies firewall policy service
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext