General
-
Target
Expo_REQUEST FOR QUOTATION 2021-0912.PDF(79KB).exe
-
Size
1.1MB
-
Sample
211209-m1r91achfq
-
MD5
1bad21957abf5597d295ed971faf1ffc
-
SHA1
a72a8de5dcdcf6d7b71e932c482cfa69d81ff28d
-
SHA256
97ccd53d7d9abd378152b48894064f0c226d40a40a19f9ca485bbf5c062d02ca
-
SHA512
3101c0680c088575e1bf0835b2d2ad3d545cfb20360e163f3d81af02edc73ea72d3e24e30cb91aadb3db9d05267d21245ab2c8a21686e64ed9321ee4e09682a9
Static task
static1
Behavioral task
behavioral1
Sample
Expo_REQUEST FOR QUOTATION 2021-0912.PDF(79KB).exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
Expo_REQUEST FOR QUOTATION 2021-0912.PDF(79KB).exe
Resource
win10-en-20211208
Malware Config
Targets
-
-
Target
Expo_REQUEST FOR QUOTATION 2021-0912.PDF(79KB).exe
-
Score
10/10
-
Looks for VirtualBox Guest Additions in registry
-
Adds policy Run key to start application
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-