General

Target: c704c7e9120eb4a56ebb38c6a6421bb6ad2f89caadbb2ac8bdea12ffdfc924b1
Size: 17.2MB
Sample: 210122-ghmf3zl52j
MD5: eb8675ee3ff229c68929c17bfdbc39dc
SHA1: 443d5d405511367933e2fbf43f7c22024e276939
SHA256: c704c7e9120eb4a56ebb38c6a6421bb6ad2f89caadbb2ac8bdea12ffdfc924b1
SHA512: b2870c23d1bb0c666b0034f8959e698c4099ad9eb1d4061976d46f63b04a7577e2a926f634299c8e145084f9be29c6f567a1f95bed396e829c3b0eca955d6702

Static task: static1
Behavioral task: behavioral1
Sample: c704c7e9120eb4a56ebb38c6a6421bb6ad2f89caadbb2ac8bdea12ffdfc924b1.exe
Resource: win7v20201028
Malware Config

Targets

Target: c704c7e9120eb4a56ebb38c6a6421bb6ad2f89caadbb2ac8bdea12ffdfc924b1
Size: 17.2MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox exposes its name in the ACPI table keys under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT), which a sample reads to detect the hypervisor.
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Setting ThreadHideFromDebugger (THREADINFOCLASS 0x11) on a thread stops it from delivering debug events to an attached debugger, a common anti-debugging step.
- Suspicious use of SetThreadContext
  Rewriting another thread's register context is a standard way to redirect execution into injected code (for example in process hollowing).
- autoit_exe
  AutoIt scripts compiled to PE executables.
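The signatures above are what a sandbox derives from a hooked API trace. The following added example (not part of this report or of the sandbox's own rule set) shows how such rules are matched: a table of the conventional registry locations behind the VirtualBox, BIOS, Wine and Uninstall-key checks, the ThreadHideFromDebugger info class, and two stateful rules that only fire when a file the sample wrote is later executed or loaded. The trace format, the API names used as event keys, and the list of IP-lookup hosts are assumptions; the trace itself is constructed and was not captured from this sample.

```python
import re
from dataclasses import dataclass, field

# Registry locations behind four of the report's signatures. The regexes run
# case-insensitively against the hive-relative subkey of a registry API call.
# These are the conventional anti-VM / enumeration keys (as used by al-khaser
# and Pafish); matching on exactly these is this example's own choice.
REGISTRY_SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values": [
        r"^HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",
    ],
    "Checks BIOS information in registry": [
        # SystemBiosVersion / VideoBiosVersion / SystemBiosDate live here, plus the BIOS subkey
        r"^HARDWARE\\DESCRIPTION\\System(\\BIOS)?$",
    ],
    "Identifies Wine through registry keys": [
        r"^SOFTWARE\\Wine(\\|$)",
    ],
    "Checks installed software on the system": [
        r"^SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    ],
}

# Hosts commonly used for external-IP lookup (assumed list; the report does not
# name the service this sample contacted).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "checkip.dyndns.org"}

THREAD_HIDE_FROM_DEBUGGER = 0x11   # THREADINFOCLASS value for ThreadHideFromDebugger

REGISTRY_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "NtOpenKey", "NtQueryValueKey"}


@dataclass
class Event:
    """One hooked call from a sandbox API trace (constructed format)."""
    api: str
    args: dict = field(default_factory=dict)


def run_signatures(events):
    """Return the signature names triggered by a trace, in first-hit order."""
    hits = []
    dropped = set()   # paths written by the sample, consumed by the 'dropped' rules

    def hit(name):
        if name not in hits:
            hits.append(name)

    for ev in events:
        a = ev.args
        if ev.api in REGISTRY_APIS:
            subkey = a.get("subkey", "")
            for name, patterns in REGISTRY_SIGNATURES.items():
                if any(re.search(p, subkey, re.IGNORECASE) for p in patterns):
                    hit(name)
        elif ev.api == "NtSetInformationThread" and a.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
            hit("Suspicious use of NtSetInformationThreadHideFromDebugger")
        elif ev.api == "SetThreadContext":
            hit("Suspicious use of SetThreadContext")
        elif ev.api == "NtWriteFile":
            dropped.add(a.get("path", "").lower())
        elif ev.api == "CreateProcessW" and a.get("image", "").lower() in dropped:
            hit("Executes dropped EXE")          # stateful: image must have been written first
        elif ev.api == "LoadLibraryW" and a.get("path", "").lower() in dropped:
            hit("Loads dropped DLL")
        elif ev.api == "InternetConnectW" and a.get("host", "").lower() in IP_LOOKUP_HOSTS:
            hit("Looks up external IP address via web service")
    return hits


# Constructed trace: not captured from this sample, only shaped like a hook log.
SAMPLE_TRACE = [
    Event("RegOpenKeyExW", {"hive": "HKLM", "subkey": r"HARDWARE\ACPI\DSDT\VBOX__"}),
    Event("RegQueryValueExW", {"hive": "HKLM", "subkey": r"HARDWARE\DESCRIPTION\System", "value": "SystemBiosVersion"}),
    Event("RegOpenKeyExW", {"hive": "HKCU", "subkey": r"Software\Wine"}),
    Event("RegOpenKeyExW", {"hive": "HKLM", "subkey": r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}),
    Event("NtWriteFile", {"path": r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"}),
    Event("NtWriteFile", {"path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"}),
    Event("CreateProcessW", {"image": r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"}),
    Event("LoadLibraryW", {"path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"}),
    Event("NtSetInformationThread", {"info_class": 0x11}),
    Event("SetThreadContext", {"thread": 0x1A4}),
    Event("InternetConnectW", {"host": "api.ipify.org", "port": 443}),
    Event("RegOpenKeyExW", {"hive": "HKLM", "subkey": r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}),  # no rule
]

if __name__ == "__main__":
    for name in run_signatures(SAMPLE_TRACE):
        print(name)
```

The two "dropped" rules are the reason the matcher walks the trace in order rather than grepping it: a CreateProcessW on a path the sample never wrote is not a dropped-EXE hit, so reordering those events changes the verdict. Reading the Run key trips nothing, which is the usual false-positive boundary for the Uninstall-key rule.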