General
-
Target
ba316fde098ea8c2c91cafb89c177453a58f03e6a4e79ef45b50333e71e6dd1d
-
Size
2.0MB
-
Sample
201108-hbgwkz9krx
-
MD5
65231ea38214c51ecd17b94ef430a382
-
SHA1
4e92153d59677caa464b4608966b4d59dd711bcb
-
SHA256
ba316fde098ea8c2c91cafb89c177453a58f03e6a4e79ef45b50333e71e6dd1d
-
SHA512
8acd2ddc063e778c8900e663124ab6a857be0e2a7200708c84894f8194f15521466cb3090dbaa3f2e10d08bde1ab5a74e9fa983cbdf063f540d5db32072b14b2
Static task
static1
Behavioral task
behavioral1
Sample
ba316fde098ea8c2c91cafb89c177453a58f03e6a4e79ef45b50333e71e6dd1d.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
ba316fde098ea8c2c91cafb89c177453a58f03e6a4e79ef45b50333e71e6dd1d
-
Size
2.0MB
-
MD5
65231ea38214c51ecd17b94ef430a382
-
SHA1
4e92153d59677caa464b4608966b4d59dd711bcb
-
SHA256
ba316fde098ea8c2c91cafb89c177453a58f03e6a4e79ef45b50333e71e6dd1d
-
SHA512
8acd2ddc063e778c8900e663124ab6a857be0e2a7200708c84894f8194f15521466cb3090dbaa3f2e10d08bde1ab5a74e9fa983cbdf063f540d5db32072b14b2
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-