General
Target: mixshop_20211022-040343
Size: 3.0MB
Sample: 211022-laxlcsccem
MD5: 6e658146e790a1e125077f4ca7986cc6
SHA1: b68bcaa6ccc0da4aa04ed219f64413beb4983498
SHA256: 97fc0abb8aaff5a38933382a6323fc073a1fecfc0bc13fa49aa0bec96d9e1286
SHA512: 9eaea74de47727b86731d1fb4e9f7a4b32a95a4969fe07446f6b681e41434de798c5fef1cb83bdce73bbe9bbcf6fa9190d2fc7eff9bcec1eef9903fc3825b3fa
Static task: static1
Behavioral task: behavioral1
Sample: mixshop_20211022-040343.exe
Resource: win7-en-20211014
Malware Config
Targets
Target: mixshop_20211022-040343
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger