General
Target: 16x.bin.zip
Size: 3.1MB
Sample: 201230-da5ckfs5nn
MD5: 039cd2d7f20c2c0ff13a01694dce3953
SHA1: 9c8deb0fd5f752a114034902b1b0092778d72a22
SHA256: 536b5f8fb36ee7fbcef6c1293c8bf1b17d1645aa845a7ac2cccdbe9fd16c99d8
SHA512: 2484089512ae3b28f9d7df32ca6b4c922978b5908bd74f7a39cbd4ac9bba81e4513c91a84476bd3286aa5f1402fe9f74d55d93c9ca50900ea939690339f52b4a
Static task: static1
Behavioral task: behavioral1
Sample: 16x.bin.exe
Resource: win7v20201028
Malware Config
Targets
Target: 16x.bin
Size: 4.4MB
MD5: 3e05cdc35f300de783fcb3dcd71e4970
SHA1: abfc51fe7bc93d12d0d163b1f7fecae0a6a8e52e
SHA256: adc220109f73acdd307036a6d14bffa68103a48e2305c3a4f1533aab74d9deb8
SHA512: fff156d64fcd720d2d27b3e53dccb9fb817775b11b04eae44e41bb266112f3655ced03ef3e6037748155bdd02b6d749eda778e92eb66a9362546513c48ce4775

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Loads dropped DLL

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

JavaScript code in executable