General
- Target: b6521c647241a2d90eed590f30a671bb59d0502474591d85c9b47da44f9ed9aa
- Size: 68KB
- Sample: 211021-j5b7ssahak
- MD5: 80ee15eec2f947f29af93c199c6a5062
- SHA1: 60df9a563d7ebc4f265f7aacc8f20ec2ea62643d
- SHA256: b6521c647241a2d90eed590f30a671bb59d0502474591d85c9b47da44f9ed9aa
- SHA512: 25ea6e80266556be35685f48070a3eddfc8d9fb839ca782044eb4bd892881fffbdbb78499b1a9be356ab9770eca0e932cf748c22cc5f50eed9a6e0c89472fb72
Static task: static1
Malware Config
Targets
- Target: b6521c647241a2d90eed590f30a671bb59d0502474591d85c9b47da44f9ed9aa
- Size: 68KB
- MD5: 80ee15eec2f947f29af93c199c6a5062
- SHA1: 60df9a563d7ebc4f265f7aacc8f20ec2ea62643d
- SHA256: b6521c647241a2d90eed590f30a671bb59d0502474591d85c9b47da44f9ed9aa
- SHA512: 25ea6e80266556be35685f48070a3eddfc8d9fb839ca782044eb4bd892881fffbdbb78499b1a9be356ab9770eca0e932cf748c22cc5f50eed9a6e0c89472fb72
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger