General
Target: 55bf200391c8fba3a4b5dded96e2bde5798aa2dba263067035f2fa09ad32283f
Size: 849KB
Sample: 220725-shb3ysfgbm
MD5: 0f97c0600cb950fe9430023345529356
SHA1: 0464e631d06da0bc9a18a4b1b6252c436686914a
SHA256: 55bf200391c8fba3a4b5dded96e2bde5798aa2dba263067035f2fa09ad32283f
SHA512: 327d97ba76ee59a3ed800fe66bc13627eab90ca5dd0fac4335251b961df38cba976ac308d0933f15bb16ec970accda46faf3687499c51c72f0d771dc421433da
Static task: static1
Behavioral task: behavioral1
Sample: 55bf200391c8fba3a4b5dded96e2bde5798aa2dba263067035f2fa09ad32283f.exe
Resource: win7-20220718-en
Malware Config
Targets
- Modifies firewall policy service
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext