General
-
Target
Versatools.exe
-
Size
37.8MB
-
Sample
240526-saetwaba63
-
MD5
3266fa2e2db0f6d3328ae32de4a64c0c
-
SHA1
8cfe11a04008c3c8ffbaae5283e5577e52c88120
-
SHA256
f23fd2d73cb23edfadd7c92456767d8b9310e063d6e2410b40946be4fbe58eb3
-
SHA512
965fe6ebcc5e5b5cb758dc1ca80faeda48e68acaf5d525c9c5722376626897687d5bf1dc671b96bb42745fe520a91240755c8dd83872ba06ff543add8b242d0a
-
SSDEEP
786432:+WQtsdQEWl2j6+s7LWB75zuzWmSDGhQCzjE+/YLKbn0H5+o0:FQtEQJl2qHWB75izWmxjYm0b0
Malware Config
Targets
-
-
Target
Versatools.exe
-
Size
37.8MB
-
MD5
3266fa2e2db0f6d3328ae32de4a64c0c
-
SHA1
8cfe11a04008c3c8ffbaae5283e5577e52c88120
-
SHA256
f23fd2d73cb23edfadd7c92456767d8b9310e063d6e2410b40946be4fbe58eb3
-
SHA512
965fe6ebcc5e5b5cb758dc1ca80faeda48e68acaf5d525c9c5722376626897687d5bf1dc671b96bb42745fe520a91240755c8dd83872ba06ff543add8b242d0a
-
SSDEEP
786432:+WQtsdQEWl2j6+s7LWB75zuzWmSDGhQCzjE+/YLKbn0H5+o0:FQtEQJl2qHWB75izWmxjYm0b0
Score8/10-
Downloads MZ/PE file
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-