General
Target: registrator.exe
Size: 10.2MB
Sample: 201225-z1zja7ep66
MD5: e90adc914ffed2f7601beb33403e3a1a
SHA1: 54343f9d673ba8a041a9d90ef706ab37c43a2aa9
SHA256: bccd9bf98be271d65f16e5c30c7a886157386717856857a1089f0abfc04aa5a1
SHA512: d5b369ecacf603fbf143ec6262f237a19969ff0785de403369d8fb707641c09295dc1a40b47f2b399559b9f19dfc06ef4fba6b925abff85e64ba2f758201fc6b
Static task: static1
Behavioral task: behavioral1
Sample: registrator.exe
Resource: win7v20201028
Malware Config

Targets
Target: registrator.exe
Size: 10.2MB
MD5 / SHA1 / SHA256 / SHA512: identical to the hashes listed under General
- AsyncRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
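The anti-VM signatures above all fire on registry access. As an added example (not part of this report and not the sandbox's own signature code), the Python below shows how such signatures are matched against a registry-access trace: hive names are normalized, the 32-bit WOW6432Node view is folded into the 64-bit one, and each signature is a key pattern plus an optional set of value names. The trace is constructed for the example. The key paths are the well-known VirtualBox ACPI, Guest Additions, VMware Tools, BIOS description and Wine locations; it is an assumption that these are exactly the keys the report's signature names refer to, since the report lists signature names but not the keys touched.

```python
"""Sandbox-style anti-VM registry signatures matched over a registry-access trace.

Added example. The trace is constructed, and the key paths are the commonly
checked VirtualBox/VMware/BIOS/Wine locations (assumed, since the report only
names the signatures).
"""
import re
from collections import defaultdict

# One event per registry access: (pid, API, key path, value name or None).
# Constructed for this example; not taken from the sample's report.
TRACE = [
    (1844, "RegOpenKeyExW", r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__", None),
    (1844, "RegOpenKeyExW", r"HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions", None),
    (1844, "RegOpenKeyExW", r"HKLM\SOFTWARE\WOW6432Node\VMware, Inc.\VMware Tools", None),
    (1844, "RegQueryValueExW", r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (1844, "RegQueryValueExW", r"HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (1844, "RegOpenKeyExW", r"HKEY_CURRENT_USER\Software\Wine", None),
    (1844, "RegSetValueExW", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "registrator"),
    (2200, "RegQueryValueExW", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ProductName"),
]

# NT object-manager paths and long hive names, mapped to the short form the rules use.
_HIVE_ALIASES = {
    r"\REGISTRY\MACHINE": "HKLM",
    r"\REGISTRY\USER": "HKU",
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_USERS": "HKU",
}


def normalize_key(path: str) -> str:
    """Return the key in HKLM/HKCU/HKU form with any WOW6432Node component removed,
    so one rule covers both the 64-bit and the 32-bit registry view."""
    for long, short in _HIVE_ALIASES.items():
        if path.upper().startswith(long.upper()):
            path = short + path[len(long):]
            break
    return re.sub(r"\\WOW6432NODE(?=\\)", "", path, flags=re.I)


# (signature name, key pattern on the normalized path, value names that must be read or None).
SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I), None),
    ("Looks for VirtualBox Guest Additions in registry",
     re.compile(r"^HKLM\\SOFTWARE\\Oracle\\VirtualBox Guest Additions", re.I), None),
    ("Looks for VMware Tools registry key",
     re.compile(r"^HKLM\\SOFTWARE\\VMware, Inc\.\\VMware Tools", re.I), None),
    ("Checks BIOS information in registry",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System$", re.I),
     {"systembiosversion", "videobiosversion", "systembiosdate"}),
    ("Identifies Wine through registry keys",
     re.compile(r"^(HKCU|HKU\\[^\\]+)\\Software\\Wine(\\|$)", re.I), None),
]


def match_signatures(trace):
    """Return {signature name: [matching events]} for the whole trace."""
    hits = defaultdict(list)
    for event in trace:
        _pid, _api, key, value = event
        nkey = normalize_key(key)
        for name, key_re, value_names in SIGNATURES:
            if not key_re.search(nkey):
                continue
            # Value-scoped rules only fire when one of the listed values is actually read.
            if value_names is not None and (value is None or value.lower() not in value_names):
                continue
            hits[name].append(event)
    return dict(hits)


def anti_vm_pids(trace):
    """Processes that triggered at least two distinct anti-VM signatures. A lone
    BIOS read is common in benign software; several independent checks are not."""
    per_pid = defaultdict(set)
    for name, events in match_signatures(trace).items():
        for pid, *_ in events:
            per_pid[pid].add(name)
    return sorted(pid for pid, names in per_pid.items() if len(names) >= 2)


if __name__ == "__main__":
    for name, events in match_signatures(TRACE).items():
        print(f"{name}: {len(events)} event(s)")
    print("anti-VM pids:", anti_vm_pids(TRACE))
```

The BIOS rule is deliberately scoped to the value names rather than the key alone, because many legitimate installers open HKLM\HARDWARE\DESCRIPTION\System; the combination of several families of check from one process is what makes the behaviour evasive rather than incidental.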