General
Target: 36362a90169cfe188fba75b025ed6b438d7a2ee5a07ad5953d1482244bf16413
Size: 1.2MB
Sample: 220520-2kw1ksfec6
MD5: 358c7c43406b70b8c1d217663672f416
SHA1: 173c4665e9d46a960fccb683baebac07d23355da
SHA256: 36362a90169cfe188fba75b025ed6b438d7a2ee5a07ad5953d1482244bf16413
SHA512: 8aba0de085d642d588ab23d94c03b5ba557ac57b888c3088482b44fd715e8f605d7c4a8cbd070fdfb145728bc8b83a9e2dedec9511e247e0a2f9384db6e3281d
Static task: static1
Behavioral task: behavioral1
Sample: Payment swift copy.pdf.exe
Resource: win7-20220414-en
Malware Config

Targets
Target: Payment swift copy.pdf.exe
Size: 1.3MB
MD5: db30aa1c0eb9d07f3e7e966acc690898
SHA1: 4495b0f386ee54919a46aa911ddc1b4931ca2d8a
SHA256: 5176a48afec98e65c46b54977d76a78f20d8bd4333ca64285495a05862d6749b
SHA512: 2df235a40d63efb26903e4b494959a7daef059985d3043d34eaa2aa2e3103c0e187bc9def392e3768580ff4ce6aab098a79af105c423bf0bd5b601f8232aa047
- Looks for VirtualBox Guest Additions in registry
- Executes dropped EXE
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext