General
- Target: test.zip
- Size: 1.5MB
- Sample: 211124-aqq8qsege9
- MD5: 8315b7b9e41ebc66657701b0b7f4fe02
- SHA1: 50205f75078b36f4d38dd7425eb22daebde18ea4
- SHA256: a00a34aa07b3ddf3ecae91fef78943998c624c9ff2c213179135e183dfdd6640
- SHA512: 1a03ef3ba0b5cf9989c4311077e9a1f830a60284c0b4adcb540a412d69f951b96f9b5864937b56195325999ce88fa1c72b261130c5ebd1ec3d7a1493069d8d65

Static task: static1

Behavioral task: behavioral1
- Sample: test.exe
- Resource: win10-en-20211104

Malware Config

Targets
- Target: test.exe
- Size: 3.5MB
- MD5: be40d4806fdb4bbf01a1e58db9be72f9
- SHA1: cdc85537cc728a393608f32e0b078bfb00e46ccc
- SHA256: 08ad8bfa45d107b5ddd904f002abb2cd9402bca5564025b3cf4fb309c1371046
- SHA512: c459b7bb0d8fd77bdde8d264661e515e05fef46094487c647680b2f7fb670258d2364c5886ca1184cb60a1b4c0d32be68c3994326aedd82505228063a471e1e8

- Modifies firewall policy service
- Downloads MZ/PE file
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext