General
-
Target
92ec9a0eaccf10c69c6ecb89398669105ec4fa4c8b7172579381ba586746ec20
-
Size
2.0MB
-
Sample
220630-3j21wacdbk
-
MD5
cbd089fed817ad11f6ad3d2f9731e872
-
SHA1
138eeed3bbce9d86353e125f0022903ea419fe1a
-
SHA256
92ec9a0eaccf10c69c6ecb89398669105ec4fa4c8b7172579381ba586746ec20
-
SHA512
c979db0c2332c6c5e9474cc658194fe5a0726a6b310541bb053c72af32882e2acfa44c5609633b5e8008cef51a8a48ea69cf25570e2fb850f6602319dfed5b50
Malware Config
Targets
-
-
Target
92ec9a0eaccf10c69c6ecb89398669105ec4fa4c8b7172579381ba586746ec20
-
Size
2.0MB
-
MD5
cbd089fed817ad11f6ad3d2f9731e872
-
SHA1
138eeed3bbce9d86353e125f0022903ea419fe1a
-
SHA256
92ec9a0eaccf10c69c6ecb89398669105ec4fa4c8b7172579381ba586746ec20
-
SHA512
c979db0c2332c6c5e9474cc658194fe5a0726a6b310541bb053c72af32882e2acfa44c5609633b5e8008cef51a8a48ea69cf25570e2fb850f6602319dfed5b50
Score10/10-
Modifies WinLogon for persistence
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-