General
Target
f4846a6f5b3122080ec0cc8bd6b2fd4045938d4e3e4d6caeaa62be79c1a67a3d
Size
434KB
Sample
220521-xa6d2sefbq
MD5
9538f63bd71c8139b818f4c145a66446
SHA1
4215c3c843c2d99e2dcbbf80987d174efc6c09f9
SHA256
f4846a6f5b3122080ec0cc8bd6b2fd4045938d4e3e4d6caeaa62be79c1a67a3d
SHA512
db03ec76a5f21e89ad449aa8273c3e8c77d631c11bd2123a1285a953f5fcfcd7266b49d230af659bb88c5de8c4ed84d78cd1595e8e814a350332ab3b4e9f5f4b
Static task
static1
Behavioral task
behavioral1
Sample
PO #2604195144.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PO #2604195144.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
PO #2604195144.exe
Size
1.5MB
MD5
5362972a62de7251db4a08a631b96459
SHA1
2e06cf0148a06bf79c3ef08d494dfc2da6f1176b
SHA256
8bb9b00853b7ad74a9e4c41b8974ab369d16e6289c9e9e933be5fe56539af2b1
SHA512
408c18b454f558e80f916b53a50ca0a4a0f466ba3d7c31d030b90fac1b8918bb3518940405d81be1447431d249c18f4afc2196628319e8c47276889a45c7787a
Score 6/10
Adds Run key to start application
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext