General
Target: Rastreio SEDEX.zip
Size: 8.8MB
Sample: 220627-pa9sgacha3
MD5: 5c9d7e87243bc3d8a49b7a0ebd988ffa
SHA1: b40f297247d278779b24cde806d57253bd9745af
SHA256: f00a4236996d42168bda5ccaa09d1bc844477f548ec2bdf3b161d26004f8091e
SHA512: 8662997f35ce14da1699d8617f2e5e5c95dfe70015979f32e6c7c6382f9dd6c6401c7be0b7a93be1e703db8718df9548701c1986619f3eccfd0b180f31136417
Static task: static1

Behavioral task: behavioral1
Sample: Aplicativo Seguro.msi
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Aplicativo Seguro.msi
Resource: win10v2004-20220414-en
Malware Config

Targets
Target: Aplicativo Seguro.msi
Size: 10.3MB
MD5: 6b73ba5e07eb91c504be1ad2506a9c63
SHA1: 3d423b4c3c6fe9d35af3681762a664e226436e90
SHA256: 92dc494adf6c173a0fdae32868d57489b75fd9fb7b14c4d7fa9a6e06a2329ad3
SHA512: 5c033bf913c0173e2d454daa8cb50bc8ae22932cf0c46a18f150510789e2a7d2ff72d38813a6a0b8f27637991efdf30d5bdb8d8e2306b6056d2198331793e19e
Score: 9/10

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger