General
- Target: fa8ce83b306dd68d1d7660919c9dd523
- Size: 1.4MB
- Sample: 210915-h8hcjsdbdj
- MD5: fa8ce83b306dd68d1d7660919c9dd523
- SHA1: 1a0c86251a0044d65915640a0042c492e19275a2
- SHA256: 51f5b830fb0da1abe98f445889d9cf12a5d2c175c8f8b5d30df220b11113756d
- SHA512: efa77b674afcca7ea1a14574ac855252848c91252bd189f6b5de8b7c30a00790f66cc986af4f90722e0f8cb4f66099b8419c794b6fbfc43f78241770d86e64fb
Static task: static1
Behavioral task: behavioral1
- Sample: fa8ce83b306dd68d1d7660919c9dd523.exe
- Resource: win7v20210408
Malware Config
Targets
- Turns off Windows Defender SpyNet reporting
- Looks for VirtualBox Guest Additions in registry
- Nirsoft
- Executes dropped EXE
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext