General
- Target: 24316B3AE1C1BAFEE76CA8BB33807D37130A58BC6AA19.exe
- Size: 2.6MB
- Sample: 220807-red8gabghq
- MD5: 02e35d591e53085dc1eea9f64b718691
- SHA1: 6b579e43003cf746e9412774edeb3cb49ad9c9e1
- SHA256: 24316b3ae1c1bafee76ca8bb33807d37130a58bc6aa19042f06c304af59af615
- SHA512: 2894cd4ea998fa3fa2908b51765f6bde66248ef28b841705ec1fd0f81fdde9144e77b49511b0a544446f8fef8bb37712f4953039551e854a6750821efc0702b0
- Static task: static1
- Behavioral task: behavioral1
- Sample: 24316B3AE1C1BAFEE76CA8BB33807D37130A58BC6AA19.exe
- Resource: win7-20220715-en
Malware Config
Targets
- Modifies firewall policy service
- Sets file execution options in registry
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext