General
Target: DOCUMENTO.BR4.LWhcwWofpgOP7VBMl6Tw.zip
Size: 125KB
Sample: 210714-t94dende66
MD5: 93700042dac8ecfdb0467d0ccf9a03e0
SHA1: 68ef0083669e2d1c0558a47d3cb030e084fefe1f
SHA256: 7f91679ae1b3df15f211c431fa41eb2316a88cc84181535c046ac06bc9c85ed9
SHA512: a211c787fd6260f051a646d6077fb83241e9cc2a15d7971de9aec6e82f9a9a4d4ab2d1dceacb9a387fc6e504c4833ea15e27e3488e41ca3f693c0406f8d02909
Behavioral task
behavioral1
Sample: DOCUMENTO.BR4.PIXQIGCMOMAJHNVRASLBFSXDNMQAVJ?.msi
Resource: win10v20210410
Malware Config
Targets
Target: DOCUMENTO.BR4.PIXQIGCMOMAJHNVRASLBFSXDNMQAVJ?.msi
Size: 282KB
MD5: 5068c2facc5121859ceb4a337eccab1e
SHA1: f6ce53f58563a1f62505b4bac6cf91905805c71e
SHA256: f316986a337648669a6ded3161838f7d0a9dac41ef985f9505ad5548e3b3c272
SHA512: 9baed08b6e0bdc090b09e5399fa1428af4ef1fe11839140881475b52e466496b5a16889c6738214ccf2561fb70af6527701f07e0fb0cc5cf5e6444d7bd73bdcf
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger