General
Target: facturaproforma#201803601.exe
Size: 456KB
Sample: 211203-nf2hlsgcbm
MD5: d778653148f01332e42a7161f0599f54
SHA1: e1249522a8ea1cee94b18c4bc7cd98d450fe3b23
SHA256: a3015093b23acb5ee6d0491eca81d6f8b2ad7d9b15181a9366e429e49cf6bf77
SHA512: 14a271e1072c908cae64200f853c5a414888dc079ddad806e3bcd940e3e8798e8bccffc312bf091f8fb113dc25416c1b44373ca3d0454e987ba80962cd01be61
Static task: static1
Behavioral task: behavioral1
  Sample: facturaproforma#201803601.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: facturaproforma#201803601.exe
  Resource: win10-en-20211104
Malware Config
Targets
Target: facturaproforma#201803601.exe
Score: 10/10
Looks for VirtualBox Guest Additions in registry
Adds policy Run key to start application
Looks for VMWare Tools registry key
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Adds Run key to start application
Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext