General
- Target: Universal IPTV Scan v4.0.exe
- Size: 43.8MB
- Sample: 211020-qcr6waaaar
- MD5: edce1ea84d12ac07872fd79d7262813a
- SHA1: 9dba59744e046dce48ec0c000f6f760f5ef1ad70
- SHA256: f5ae25bd25a164a53d9764e9f18822ba515517669ecea5b59edcaa7f055138a9
- SHA512: 00a9d2a0477b8335ea77ffb4147fbdf365d98d19f1c343a9ae7ad177530df1b97e5d1b72c466fc85f9435cf87d7b66e711e96be0d132a3904789dc4586c04422
Static task: static1
Malware Config
Targets
- Modifies visibility of hidden/system files in Explorer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext