General
Target: CFDI_826271.zip
Size: 173KB
Sample: 220718-w2ak1seaam
MD5: dea9dcf6e099e8353d6b32fbeffb0457
SHA1: cd62506700c0e98f8c2bb5662776c165881fde5a
SHA256: 7da358abbfdb15dcb4f1c3ffca1aaf5c801c82bd77ea3a3d1a397741c176b13d
SHA512: effe98fac1ca94006f7d3bd9fb515fc8efac7f47f3cb315c18d14cfffaec78b8227022da94410120f96bc0f8b806da2b5e212e30fde3ec1fb032a29097160b4c

Static task: static1

Malware Config

Targets
Target: CFDI 826271 71074.exe
Size: 334.4MB
MD5: 7ac85137fd754a9a31f724c0c9883162
SHA1: 26b5f8d21c2ead0eeda43ab571bf6ec1b672910c
SHA256: 8b39ad4a31e74ca2ff52b3339230fab9793e86a8a7370b64ee63aac3825a0ea7
SHA512: 957c9a6f9813b9df8275f7a9fc4bb65a56f2c7a653bf6853cc1deaebab0eaf9464c187ba6a3aa65b10f3d7fbefa04345574e752366035c28ae492bdd4c28ef00

- Modifies firewall policy service
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext