General
Target: Payment advice.zip
Size: 612KB
Sample: 230125-l83v2ahd2t
MD5: fbc616e48a9bf3df5358dc4b7091cd50
SHA1: 3d2cf7ff523b5f81cebf93e683608b88063627d6
SHA256: 6f517346dda6fb2c2ebb5daa79accf165e866ec394a3bec9983b96a372cdfcda
SHA512: 1530fe86d5df0a510f407e86f3aa7344efa0b6935bd3bdad23a65516a2f57d1712ef34593b27e789a472116e2762c1743aeb4c017b58e63acd57ac5252c4da2a
SSDEEP: 12288:tYd2/E5EXG+SF8zOqW5t86xhjeXvnafEOBr52ox1fpiCQmtxYDJUJt:tYd2s0k8dW5t86ufMDrrlLiq
Static task: static1
Behavioral task: behavioral1
Sample: Payment advice.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: Payment advice.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: Payment advice.exe
Size: 664KB
MD5: c59007226b76f19d81731c274478a91f
SHA1: 226308c36c0a4f7b63a46e470f0d79c217c03a07
SHA256: c2d1359274d63fa192cfa5e08e73328b47170d2be743dee89bae0555eef65ace
SHA512: 0b15bfbdab99569764d7ed50328c73761cb44c8def6081693abf0ff91aab0d202d80c286b9c7422700dea8844890c2ee76f790b93116b4274353e678eb3ee343
SSDEEP: 12288:20Q4KjkKYrubiXG+IF8zIqW5temxhjejvnapEOfr52oj1fpiC0mn/Yic4:oolr6Ue87W5tem2jAlr5lVwic4
Score: 9/10

Looks for VirtualBox Guest Additions in registry

Looks for VMWare Tools registry key

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Loads dropped DLL

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext