General
-
Target
satan_1.0.0.6.vir
-
Size
186KB
-
Sample
200719-qqms7j6ddx
-
MD5
b15b72290de91e819900fa1a5b44d149
-
SHA1
7182c6b1f970d882ef7e1c6c4608c43b80b6b381
-
SHA256
84dd7afbfc63272eea2c55b6d079ef1897971516e3a7359aa932fec10ea6d4b6
-
SHA512
1bc3225884abca71be1eb1cc1b16dc82fec8c657e0992957d93687e45e40e38aba701571f9f58ea7100b464ba2d64b0600548889c92826f17708eabc43822100
Static task
static1
Behavioral task
behavioral1
Sample
satan_1.0.0.6.vir.exe
Resource
win7
Behavioral task
behavioral2
Sample
satan_1.0.0.6.vir.exe
Resource
win10v200430
Malware Config
Targets
-
-
Target
satan_1.0.0.6.vir
-
Size
186KB
-
MD5
b15b72290de91e819900fa1a5b44d149
-
SHA1
7182c6b1f970d882ef7e1c6c4608c43b80b6b381
-
SHA256
84dd7afbfc63272eea2c55b6d079ef1897971516e3a7359aa932fec10ea6d4b6
-
SHA512
1bc3225884abca71be1eb1cc1b16dc82fec8c657e0992957d93687e45e40e38aba701571f9f58ea7100b464ba2d64b0600548889c92826f17708eabc43822100
Score9/10-
Executes dropped EXE
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Modifies service
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-