General
Target: satan_1.0.0.9.vir
Size: 189KB
Sample: 200719-fn6rjj7asx
MD5: 7f20b566c295cb058b55f69a49d0d83c
SHA1: 2f53999c8d41c62be58e4d067f18945edf4e1ff9
SHA256: ed84a7185bd3decfe9104fa3f6dad24bb0a0ff27a1a792a05ef0f2b010bf7b9b
SHA512: 0d51a4aa18203e9ab34c3ee66a70109d70bd36a2a3ecfa36886d4463532f2121153250c10f230b1314b2c519b4f1d40d103ff590c5d076cc9730247878dd64c8
Static task: static1
Behavioral task: behavioral1
  Sample: satan_1.0.0.9.vir.exe
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: satan_1.0.0.9.vir.exe
  Resource: win10
Malware Config
Targets
Target: satan_1.0.0.9.vir
Score: 9/10
Executes dropped EXE
Looks for VMWare Tools registry key
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Deletes itself
Loads dropped DLL
Adds Run key to start application
Modifies service
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext