General
- Target: 3e66be1ab42337c8396e71b2068484c3cf786bfefccc3c50114330ff5c080f23
- Size: 66KB
- Sample: 211019-l1m5lsgedp
- MD5: c01455f045fa249acdce26fe6ed630ef
- SHA1: ff8cb5803b53e0b6e41a33a62b69bbdf2d525f7d
- SHA256: 3e66be1ab42337c8396e71b2068484c3cf786bfefccc3c50114330ff5c080f23
- SHA512: 64c589836f8fa27c57b2fddd2541a056e3fac9cc87fbfc246fdb8567b3b6a09da97ec09584b7e448282eaf6e709cd45ba84627d9abe788923267cbb10fdf0b32
Static task
static1

Malware Config

Targets
- Target: 3e66be1ab42337c8396e71b2068484c3cf786bfefccc3c50114330ff5c080f23
- Size: 66KB
- MD5: c01455f045fa249acdce26fe6ed630ef
- SHA1: ff8cb5803b53e0b6e41a33a62b69bbdf2d525f7d
- SHA256: 3e66be1ab42337c8396e71b2068484c3cf786bfefccc3c50114330ff5c080f23
- SHA512: 64c589836f8fa27c57b2fddd2541a056e3fac9cc87fbfc246fdb8567b3b6a09da97ec09584b7e448282eaf6e709cd45ba84627d9abe788923267cbb10fdf0b32

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger