General
Target: D8C7.exe
Size: 2.8MB
Sample: 210926-sdvz9sehen
MD5: a8f923639f9b10392a12e409a4b65d80
SHA1: 5dc1b8d6751f37ac2cfa526e35de2bedac479332
SHA256: ec9c47685aaf2711429538df1efddeace58992d79f685387778f0a99af4cdbe5
SHA512: 57a34ad6388e675c69dcce9a5a8761d9d7ec80be3229545b82dfd8bf16f0702ccdf6a51b8316d569f10f8a6e2e9b9e78ee07227b73d356984a10061b63921214

Static task: static1
Behavioral task: behavioral1 (sample: D8C7.exe, resource: win7v20210408)
Malware Config
(none listed)

Targets
Target: D8C7.exe
Size: 2.8MB
MD5 / SHA1 / SHA256 / SHA512: identical to the hashes in General above

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  The VirtualBox-specific keys are HKLM\HARDWARE\ACPI\DSDT\VBOX__ and the FADT/RSDT siblings. They do not exist on physical hardware, so the lookup itself, not its result, is the indicator; a NAME NOT FOUND on these keys is exactly what the sample wants to see.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments. The usual values are SystemBiosVersion, SystemBiosDate and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System, which carry vendor strings such as VBOX, VMWARE or QEMU inside a virtual machine.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  Which wallet files were touched is not recorded here; the combination with the evasion checks above is the point, since a sample that first confirms it is on a real host and then reads wallet data behaves like a stealer rather than a loader.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus the Wow6432Node copy on 64-bit hosts) to enumerate software on the system. A host with few or no installed programs looks like a sandbox, and security products are visible here too.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  This is the sandbox's signature name, not an API: the call is NtSetInformationThread with ThreadInformationClass ThreadHideFromDebugger (0x11). A thread hidden this way no longer delivers debug events, so an attached debugger loses control of it (a breakpoint hit in that thread is handled as an unhandled exception instead).
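The signatures above map onto a handful of registry paths and one native API call, which makes them easy to re-check against your own trace of the sample. The scanner below is an added example, not part of the sandbox report: it encodes those mappings as rules and runs them over a constructed Procmon-style CSV export. The registry paths are the well-known ones behind each check; the wallet locations (Electrum, Exodus, Bitcoin Core, Ethereum keystore) are assumed, since the report does not say which files were touched; and the NtSetInformationThread row is the kind of event an API tracer rather than Procmon records, folded into the same columns so one scanner handles both.

```python
"""Scan a Procmon-style CSV export for the behaviours the sandbox flagged.

Added example. Rules encode well-known registry paths and the
ThreadHideFromDebugger thread-information class; the wallet paths are
assumed common locations, not taken from the report.
"""
import csv
import io
import re
from collections import defaultdict

# Constructed sample trace. Columns follow Procmon's CSV export; the
# NtSetInformationThread row is what an API tracer (not Procmon) would log,
# written into the same columns so a single scanner covers it.
SAMPLE_LOG = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","D8C7.exe","1234","RegOpenKey","HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__","NAME NOT FOUND","Desired Access: Read"
"10:01:02.2","D8C7.exe","1234","RegQueryValue","HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion","SUCCESS","Type: REG_MULTI_SZ"
"10:01:02.3","D8C7.exe","1234","RegQueryValue","HKLM\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion","SUCCESS","Type: REG_MULTI_SZ"
"10:01:02.4","D8C7.exe","1234","RegEnumKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall","SUCCESS","Index: 0"
"10:01:02.5","D8C7.exe","1234","CreateFile","C:\\Users\\victim\\AppData\\Roaming\\Electrum\\wallets\\default_wallet","SUCCESS","Desired Access: Generic Read"
"10:01:02.6","D8C7.exe","1234","NtSetInformationThread","","SUCCESS","ThreadInformationClass: 0x11 (ThreadHideFromDebugger)"
"10:01:03.0","explorer.exe","800","RegOpenKey","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run","SUCCESS","Desired Access: Read"
"""

# Each rule: (signature name, operations it applies to, column to match, pattern).
RULES = [
    ("anti_vm_virtualbox_acpi",
     {"RegOpenKey", "RegQueryKey", "RegQueryValue"}, "Path",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT|SSDT)\\VBOX__", re.I)),
    ("bios_info_check",
     {"RegQueryValue"}, "Path",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)),
    ("installed_software_enum",
     {"RegOpenKey", "RegEnumKey", "RegQueryValue"}, "Path",
     re.compile(r"\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("wallet_file_access",  # assumed wallet locations, see lead-in
     {"CreateFile", "ReadFile", "QueryDirectory"}, "Path",
     re.compile(r"\\(Electrum\\wallets|Exodus|Bitcoin\\wallet\.dat|Ethereum\\keystore)", re.I)),
    ("hide_from_debugger",
     {"NtSetInformationThread"}, "Detail",
     re.compile(r"ThreadHideFromDebugger|ThreadInformationClass:\s*0x11\b", re.I)),
]

# Signatures that only make sense as environment / debugger evasion.
EVASION = {"anti_vm_virtualbox_acpi", "bios_info_check", "hide_from_debugger"}


def scan(csv_text):
    """Return {process: {signature: [matched column values]}}."""
    hits = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(csv_text)):
        for name, ops, column, pattern in RULES:
            if row["Operation"] in ops and pattern.search(row[column]):
                hits[row["Process Name"]][name].append(row[column])
    return {proc: dict(sigs) for proc, sigs in hits.items()}


def triage(csv_text):
    """Per process: sorted signature names and whether evasion checks were seen.

    The Result column is deliberately ignored: NAME NOT FOUND on the VBOX__
    key is the normal outcome on real hardware, and the lookup itself is the
    indicator.
    """
    return {
        proc: {"signatures": sorted(sigs), "evasive": bool(EVASION & set(sigs))}
        for proc, sigs in scan(csv_text).items()
    }


if __name__ == "__main__":
    for proc, summary in triage(SAMPLE_LOG).items():
        print(proc, summary)
```

Feed it a real Procmon export filtered to the sample's PID and the same rules apply unchanged; only the hide_from_debugger rule needs an API-level trace, because Procmon never sees NtSetInformationThread. The explorer.exe row in the sample is there to show that ordinary Run-key reads by other processes produce no hit.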