General
- Target: DCBR.msi
- Size: 5.6MB
- Sample: 210722-bpyykm5lwx
- MD5: 3eb2ea9527590196759a92fdd24eaf8b
- SHA1: 22cb16a1c4331efa0f228484578b54708dcc1f0b
- SHA256: 0bd168703d2bb6a6d5fffe115c4834f4057bcb7f7877369a3230a82badce3d15
- SHA512: 9c775c31e2148a2bd8a82b5be6527d2ccbd8d31df3afda7d5e4b6f35c7bceb4bee42c9933a5e5a38e9eacfd2b97b0ad6e3b896a6b5e1b4e043c83e265264bbbc

Static task
- static1

Malware Config

Targets
- Target: DCBR.msi (5.6MB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Blocklisted process makes network request
  - Executes dropped EXE
  - Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
  - Loads dropped DLL
  - Adds Run key to start application
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
  - Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
  - Suspicious use of NtSetInformationThreadHideFromDebugger