General
- Target: mine.exe
- Size: 5.9MB
- Sample: 210727-zd7m8bjl9j
- MD5: 09d83c47610228fcfa9ac97cddd492fe
- SHA1: fc63d772dfbf7cde2323f39fadcafbae86894c6a
- SHA256: 3d6a3c3b0bfcd73cb4a07aabfdc5a915b7bc38c835cf5d87b724bc5aa7704653
- SHA512: 2b6e85774a56c58e5ce133406924e38d6b4de8fffd5a46b27813cf738b69a28c877f440a863217fa6983813353a54798b608b1db1f95375ddf4a19e82be2a940
Static task: static1
Malware Config
Targets
- Target: mine.exe
- suricata: ET MALWARE Generic gate[.].php GET with minimal headers
- suricata: ET MALWARE Likely Zbot Generic Request to gate.php Dotted-Quad
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger