General
- Target: 9d6b14f8d2c57bf52402068db78e43e3dd45c463eab2c976ee079783c1310100
- Size: 1.5MB
- Sample: 220731-fnl4wshcf6
- MD5: 84960484c9c380e86ad79161ecf6eb79
- SHA1: f2710403bd812447df61a9e0474aac404e689f7b
- SHA256: 9d6b14f8d2c57bf52402068db78e43e3dd45c463eab2c976ee079783c1310100
- SHA512: e7b9f50808ec59d448f5a851f865bfb4a7969bb1ffce3ffeebdbf255793169044c8ae64778926472864f64d8683f6b290a3f250143a726ab6e36998a4104e726
Static task: static1
Behavioral task: behavioral1
- Sample: 9d6b14f8d2c57bf52402068db78e43e3dd45c463eab2c976ee079783c1310100.exe
- Resource: win7-20220715-en
Malware Config
Targets
- Target: 9d6b14f8d2c57bf52402068db78e43e3dd45c463eab2c976ee079783c1310100
- Size: 1.5MB
- MD5: 84960484c9c380e86ad79161ecf6eb79
- SHA1: f2710403bd812447df61a9e0474aac404e689f7b
- SHA256: 9d6b14f8d2c57bf52402068db78e43e3dd45c463eab2c976ee079783c1310100
- SHA512: e7b9f50808ec59d448f5a851f865bfb4a7969bb1ffce3ffeebdbf255793169044c8ae64778926472864f64d8683f6b290a3f250143a726ab6e36998a4104e726
Signatures
- Modifies firewall policy service
- Sets file execution options in registry
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext