General
-
Target
https://www.mediafire.com/file/34cnh00obe1554x/Fiero.zip/file
-
Sample
220113-q4vfbaafa5
Score
10/10
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.mediafire.com/file/34cnh00obe1554x/Fiero.zip/file
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
Malware Config
Targets
-
-
Target
https://www.mediafire.com/file/34cnh00obe1554x/Fiero.zip/file
Score10/10-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-