General
-
Target
spv.exe
-
Size
168KB
-
Sample
210824-ne3zvhwegx
-
MD5
d14f6006092df0f6cbab4a63dc311e87
-
SHA1
091a3eed5d7b051decbab251ac9c1cdc51391012
-
SHA256
fc542972fb9da1997a2c9192aa75fbe3fda4213c514ccfd8aab031d0e73e1653
-
SHA512
49b88e2f71ccf3e32c0660074a9adbb0b3bc8a15d792276a275949e00f6aeaab336f327cd9114e1387c42c558a06dcb0afb73a7195dfdb91d909d38a8d127bc0
Static task
static1
Behavioral task
behavioral1
Sample
spv.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
spv.exe
Resource
win10v20210408
Malware Config
Targets
-
-
Target
spv.exe
-
Size
168KB
-
MD5
d14f6006092df0f6cbab4a63dc311e87
-
SHA1
091a3eed5d7b051decbab251ac9c1cdc51391012
-
SHA256
fc542972fb9da1997a2c9192aa75fbe3fda4213c514ccfd8aab031d0e73e1653
-
SHA512
49b88e2f71ccf3e32c0660074a9adbb0b3bc8a15d792276a275949e00f6aeaab336f327cd9114e1387c42c558a06dcb0afb73a7195dfdb91d909d38a8d127bc0
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
suricata: ET MALWARE Generic .bin download from Dotted Quad
suricata: ET MALWARE Generic .bin download from Dotted Quad
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-