General
- Target: aTId3S
- Size: 512B
- Sample: 240427-gxstgadd41
- MD5: 13be4b02a2dc124cddd8668a813ddde1
- SHA1: f6ca6a1c6d113222157e093c990f0923dc93a027
- SHA256: 9e4d758f39b3c78aa35086d78d0e4a2be748e9954dd0543eae8f8b8f799b6d93
- SHA512: 4060182e705f49d66958767a5e19a3c5df0da4ab7735796040f4153d6466dd0cd4744ade442efddb299fb78b2409b16f2ee9ca721eb5914a1dc2327b62c3a492
Static task
- static1
Behavioral task
- behavioral1 (Sample: aTId3S.html, Resource: win7-20240221-en)
Behavioral task
- behavioral2 (Sample: aTId3S.html, Resource: win10v2004-20240419-en)
Malware Config
Targets
- Target: aTId3S
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Modifies Windows Firewall
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory