General
Target: 0fba4fe17da6f869210904e2b613a95e.exe
Size: 381KB
Sample: 220122-yvzbxache8
MD5: 0fba4fe17da6f869210904e2b613a95e
SHA1: d43d9a8cd8c8ab443a8567e8e467f58395b9c307
SHA256: 857e88abbcf84ed98d208749da6457a7858176656f7ed4916adf355794e67fec
SHA512: 669c6a05ae0452cceb888df484fe4b2dcc020213e06622512b451deee438d143378f49fc05bab9f6735ad2503010e321924f43a62a10562dbc5ee30c883d1c0d
Static task: static1
Behavioral task: behavioral1
  Sample: 0fba4fe17da6f869210904e2b613a95e.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 0fba4fe17da6f869210904e2b613a95e.exe
  Resource: win10-en-20211208
Malware Config
Targets
Score: 10/10
Looks for VirtualBox Guest Additions in registry
Adds policy Run key to start application
Looks for VMWare Tools registry key
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Accesses Microsoft Outlook accounts
Adds Run key to start application
Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext