General
Target: chat_6545481_201123.rar
Size: 2.7MB
Sample: 201125-6l4e8nmzr2
MD5: bc33080d570671a13fdea28648747af6
SHA1: b5ca30cc0e200671b00c0249f40880ea0edcfdd3
SHA256: ed11d318d94e524bca282505a63b76c3bb70d698e5d76de6ced2fca4b864056f
SHA512: 3d68e17f9f6813ac8e45221a14d0d205ac211e4191e3ab22c1700328042184a390e5a0f457814a31268b470cb130da673977d8d9e61980d8bce7e523ffe8fe6e
Static task
static1
Behavioral task
behavioral1
Sample: chat_6545481_201123@V.com.exe
Resource: win7v20201028
Malware Config
Targets
Target: chat_6545481_201123@V.com
Size: 4.6MB
MD5: 99186afb28d61f17962f7bacb915d86e
SHA1: 290012a72cc40208f4158a953a69ef615a90fad4
SHA256: 86c5536119bac3ce1fdcb3c5661b44398b3cab23925ea5e456b16801abc75108
SHA512: 5d37f1ba74aaf90457ce59bbdbbd883ef7e48fbe02d7c0165a556ee87b992ff59cf5be760556009fcae70fd2f47bac6ade5ae60bd25b7f6be788b54ee81aff02
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL