General
- Target: ab759d4dd1159da2f15203da815fb8568137811a4481354951827e6dc7263b33
- Size: 68KB
- Sample: 211020-mzc4paghe4
- MD5: 064a8c76b9ee093e9c1de6d9acbef1bf
- SHA1: 37fd361ccbbef5aa5c503044038aafac141c603d
- SHA256: ab759d4dd1159da2f15203da815fb8568137811a4481354951827e6dc7263b33
- SHA512: 4aa80e73e6f2216e2d4835ac3a7e4cb591e8e501c18c29a8a5524ca7c7c2087d18c30deb4fe7caacce2b66078724ff7f544658700e8af309d8360ed2a704acf9
Static task
static1
Malware Config
Targets
- Target: ab759d4dd1159da2f15203da815fb8568137811a4481354951827e6dc7263b33 (the 68KB file listed under General; same MD5/SHA1/SHA256/SHA512)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry. BIOS vendor and version strings are often read to detect sandboxing environments, since hypervisors leave recognisable values there.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence: the entry is launched at user logon)
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: NtSetInformationThread with ThreadHideFromDebugger stops the thread from delivering debug events to an attached debugger)
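As an added example (not part of the sandbox report and not code from the analysed sample), the following Python shows how a sandbox turns an API trace into indicators like the ones above: each check keys on the well-known registry path or NT constant behind the signature, and "Executes dropped EXE" is derived by tracking which files the process wrote before launching them. The trace format, the trace itself and the file paths in it are constructed for this example; the report does not say which concrete keys or paths this sample touched.

```python
"""Added example, not part of the sandbox report or the analysed sample.

A minimal behavioural-signature matcher of the kind a sandbox runs over an
API trace to produce indicators such as the ones listed above.  The trace
format (a list of dicts) and the trace itself are constructed; the registry
paths and the ThreadHideFromDebugger constant are the well-known values
these checks key on, not facts taken from the report.
"""
import re

REG_READ_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "RegEnumKeyExW",
                 "NtOpenKey", "NtQueryValueKey"}
REG_WRITE_APIS = {"RegSetValueExW", "NtSetValueKey"}

# Well-known registry locations behind each indicator (matched case-insensitively).
VBOX_ACPI_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_KEY_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System$", re.I)
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
UNINSTALL_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I)

THREAD_HIDE_FROM_DEBUGGER = 0x11   # ThreadInformationClass value for NtSetInformationThread


def match_signatures(trace):
    """Return the ordered, de-duplicated list of indicator names an API trace triggers.

    Each trace entry is a dict with an "api" key plus API-specific fields:
    "key"/"value" for registry calls, "path" for file and process calls,
    "info_class" for NtSetInformationThread.
    """
    hits = []
    dropped = set()   # files this process wrote; launching one is "Executes dropped EXE"

    def hit(name):
        if name not in hits:
            hits.append(name)

    for ev in trace:
        api = ev.get("api", "")
        key = ev.get("key", "")
        if api in REG_READ_APIS:
            if VBOX_ACPI_RE.search(key):
                hit("Identifies VirtualBox via ACPI registry values (likely anti-VM)")
            # Only the BIOS-describing values count; other values under the same key do not.
            if BIOS_KEY_RE.search(key) and ev.get("value", "").lower() in BIOS_VALUES:
                hit("Checks BIOS information in registry")
            if UNINSTALL_RE.search(key):
                hit("Checks installed software on the system")
        elif api in REG_WRITE_APIS and RUN_KEY_RE.search(key):
            hit("Adds Run key to start application")
        elif api in {"NtWriteFile", "WriteFile"}:
            dropped.add(ev.get("path", "").lower())
        elif api in {"CreateProcessW", "NtCreateUserProcess"}:
            path = ev.get("path", "").lower()
            if path.endswith(".exe") and path in dropped:
                hit("Executes dropped EXE")
        elif api == "NtSetInformationThread" and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
            hit("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return hits


# Constructed trace, loosely shaped like a sandbox API log; not the sample's real trace.
SAMPLE_TRACE = [
    {"api": "RegOpenKeyExW", "key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"api": "RegQueryValueExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "SystemBiosVersion"},
    {"api": "RegQueryValueExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "Identifier"},
    {"api": "NtSetInformationThread", "info_class": 0x11},
    {"api": "RegEnumKeyExW", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"api": "NtWriteFile", "path": r"C:\Users\user\AppData\Local\Temp\update.exe"},
    {"api": "CreateProcessW", "path": r"C:\Users\user\AppData\Local\Temp\update.exe"},
    {"api": "RegSetValueExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Update"},
]

if __name__ == "__main__":
    for name in match_signatures(SAMPLE_TRACE):
        print("-", name)
```

The matcher is deliberately stateful only where the signature needs it (the dropped-file set); the registry checks are stateless so that a single suspicious read is enough to raise the indicator, which is also why they produce noise on legitimate software and are labelled "likely" or "suspicious" rather than treated as conclusive.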