General
-
Target
e9bb5824bdcb260753367e68abfa8fb5
-
Size
1.4MB
-
Sample
210915-hlchsadafp
-
MD5
e9bb5824bdcb260753367e68abfa8fb5
-
SHA1
956c467cdbecf98b250f780aa3d8cd1d9634f3a4
-
SHA256
f5c297279b27a02d9ede35e210c0bf0dbe0decbecd09183e5a2677f05cea50db
-
SHA512
e33838c5dd7e94efdf08ae37f33945dd6eefa26f8a56f415e2447179c40bd9d081abf59a1f054274ea9e1b5e80a9948a55ba5d0a048ff8f0f45f644b524d6c5f
Static task
static1
Behavioral task
behavioral1
Sample
e9bb5824bdcb260753367e68abfa8fb5.exe
Resource
win7-en
Malware Config
Targets
Target
e9bb5824bdcb260753367e68abfa8fb5
Score
10/10
-
Turns off Windows Defender SpyNet reporting
-
Looks for VirtualBox Guest Additions in registry
-
Nirsoft
-
Executes dropped EXE
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-