General
-
Target
fc4a9c2c74748dfe0fae2ac5bdeda341.exe
-
Size
3.1MB
-
Sample
211019-qxzfpaggej
-
MD5
fc4a9c2c74748dfe0fae2ac5bdeda341
-
SHA1
185add6ebd0afcc63d9e4d2570ced3de67da5b60
-
SHA256
d746a7cbfb99ea33a59fdc89392c7d36763f728d2ce2525ee117650605a59a7a
-
SHA512
fc720f2ee49792d1e317de96465843893e3de5b50c95a027d8a0574aef9c9f6c4863b461897d38a23353273abcfc771bd46e47ce97684c16060017a5af4d9b5c
Static task
static1
Behavioral task
behavioral1
Sample
fc4a9c2c74748dfe0fae2ac5bdeda341.exe
Resource
win7-en-20210920
Malware Config
Targets
-
-
Target
fc4a9c2c74748dfe0fae2ac5bdeda341.exe
-
Size
3.1MB
-
MD5
fc4a9c2c74748dfe0fae2ac5bdeda341
-
SHA1
185add6ebd0afcc63d9e4d2570ced3de67da5b60
-
SHA256
d746a7cbfb99ea33a59fdc89392c7d36763f728d2ce2525ee117650605a59a7a
-
SHA512
fc720f2ee49792d1e317de96465843893e3de5b50c95a027d8a0574aef9c9f6c4863b461897d38a23353273abcfc771bd46e47ce97684c16060017a5af4d9b5c
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-