General
Target: quotepoexe.zip
Size: 402KB
Sample: 211123-x2arfsbafm
MD5: 11aef155ec040bff6c9954662ca2fea6
SHA1: 0ea7d964a27b50e4386a97cb58118ab99e4d44e0
SHA256: c199073c64d105494e8c71b079f32999f0cfc363cc530149b8e2e68b6b9be2c7
SHA512: 5588d4b92466256f1ca479042741810dda2142c730295a34f4d73ff842c26d9ee2ff3f521e293454be384f06919630b47a46a9ac74fe9d80f6df87ec5f381d48
Static task: static1
Behavioral task: behavioral1
Sample: 15bdbbb74d12a8fb5e0d6cd961e06e63bb17c3fffe8f75387512010e3c9ff189.bin.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 15bdbbb74d12a8fb5e0d6cd961e06e63bb17c3fffe8f75387512010e3c9ff189.bin.exe
Resource: win10-en-20211014
Malware Config
Targets
Target: 15bdbbb74d12a8fb5e0d6cd961e06e63bb17c3fffe8f75387512010e3c9ff189.bin
Size: 483KB
MD5: a356907e372f5e4558150d0eb14a9aae
SHA1: 2493f4864ce1d4dc86197351dc4cdda099a5ba73
SHA256: 15bdbbb74d12a8fb5e0d6cd961e06e63bb17c3fffe8f75387512010e3c9ff189
SHA512: 4c75bee75e4c4a1a80c03c042c5c672aeb92fd0feba42eb4b2dee9dfd3e0eb15d9434cd8e7f729a2e4c4ca7e907b113f2fe3289419346973a2826ac65987d483
Score: 10/10
Looks for VirtualBox Guest Additions in registry
Adds policy Run key to start application
Looks for VMWare Tools registry key
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Adds Run key to start application
Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext