General
Target: Setup.exe
Size: 1.2MB
Sample: 211205-1mptlschgp
MD5: bc8111b3644df2ecf6dd70f5747f94af
SHA1: fd5206ca026e24f8fba5d2ef10389679d8f0a413
SHA256: dbf6d9026dffdb6cfdd845aa094b5ffad2d8a2950db8fe1f02ccdd41f8318947
SHA512: 786e071e2355201ccd9e51d155231af72b7ce4d3c48becb51c04567f8105fd1a5191348fbce551386aac7bf3584351efab783d5ac417cd3a49d283f63dbb31df
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-en-20211014
Malware Config
Extracted
Family: cryptbot
C2: tisokf71.top, morypv07.top
payload_url: http://danevn10.top/download.php?file=avenin.exe
Targets
Target: Setup.exe
Size: 1.2MB
MD5: bc8111b3644df2ecf6dd70f5747f94af
SHA1: fd5206ca026e24f8fba5d2ef10389679d8f0a413
SHA256: dbf6d9026dffdb6cfdd845aa094b5ffad2d8a2950db8fe1f02ccdd41f8318947
SHA512: 786e071e2355201ccd9e51d155231af72b7ce4d3c48becb51c04567f8105fd1a5191348fbce551386aac7bf3584351efab783d5ac417cd3a49d283f63dbb31df
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
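The signature titles above name behaviours but not the concrete registry keys, API arguments or network artefacts behind them. The following script is an added example (not part of this report, the sandbox, or the sample) that turns the report's extracted config and the listed signatures into detection logic and replays it over a constructed JSON-lines trace. The trace format is made up for the example, and the registry paths (the VBOX__ ACPI tables, SystemBiosVersion/VideoBiosVersion, and the Uninstall hive) are assumptions about which well-known keys such checks read; the report itself does not list them. The hashes, C2 domains and payload URL are copied from the report.

```python
"""Replay the report's behaviour signatures and IOCs over constructed events.

Added example; not part of the sandbox report or of the sample. The event
format is a made-up JSON-lines shape (one monitor record per line), and the
registry paths are the usual keys such checks read; the report prints only
the signature titles.
"""
import json
import re
from urllib.parse import urlparse

# Values copied from the report above.
SHA256 = "dbf6d9026dffdb6cfdd845aa094b5ffad2d8a2950db8fe1f02ccdd41f8318947"
C2_DOMAINS = {"tisokf71.top", "morypv07.top"}
PAYLOAD_URL = "http://danevn10.top/download.php?file=avenin.exe"

# Registry targets behind the report's signatures (assumption: these are the
# well-known keys; the report does not say which ones this sample read).
REGISTRY_RULES = [
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)Bios(Version|Date)", re.I)),
    ("Checks installed software on the system",
     re.compile(r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)),
]

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger


def ioc_hosts():
    """Every host name a resolver or proxy log should be matched against."""
    return C2_DOMAINS | {urlparse(PAYLOAD_URL).hostname}


def classify(event):
    """Return the signature titles one event triggers (empty list if none)."""
    hits = []
    kind = event.get("type")
    if kind == "registry":
        for title, pattern in REGISTRY_RULES:
            if pattern.search(event["target"]):
                hits.append(title)
    elif kind == "dns" and event["query"].lower() in ioc_hosts():
        hits.append("Resolves CryptBot C2 or payload host")
    elif kind == "http" and event["url"] == PAYLOAD_URL:
        hits.append("Downloads MZ/PE file")
    elif kind == "file" and event["action"] == "delete" \
            and event.get("sha256", "").lower() == SHA256:
        hits.append("Deletes itself")
    elif kind == "api" and event["api"] == "NtSetInformationThread" \
            and event["info_class"] == THREAD_HIDE_FROM_DEBUGGER:
        hits.append("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return hits


def run(lines):
    """Map each triggered signature title to the events that triggered it."""
    findings = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        for title in classify(event):
            findings.setdefault(title, []).append(event)
    return findings


# Constructed sample trace: what a monitor might log for Setup.exe (pid 1234)
# and one benign process (pid 5678). Not real telemetry from this sample.
SAMPLE_TRACE = [
    r'{"pid":1234,"type":"registry","target":"HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__"}',
    r'{"pid":1234,"type":"registry","target":"HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion"}',
    r'{"pid":1234,"type":"registry","target":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"}',
    r'{"pid":5678,"type":"registry","target":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"}',
    r'{"pid":1234,"type":"api","api":"NtSetInformationThread","info_class":17}',
    r'{"pid":1234,"type":"dns","query":"tisokf71.top"}',
    r'{"pid":5678,"type":"dns","query":"www.example.com"}',
    r'{"pid":1234,"type":"http","url":"http://danevn10.top/download.php?file=avenin.exe"}',
    r'{"pid":1234,"type":"file","action":"delete","path":"C:\\Users\\user\\Desktop\\Setup.exe","sha256":"dbf6d9026dffdb6cfdd845aa094b5ffad2d8a2950db8fe1f02ccdd41f8318947"}',
]

if __name__ == "__main__":
    for title, events in run(SAMPLE_TRACE).items():
        pids = sorted({e["pid"] for e in events})
        print(f"{title}: {len(events)} event(s), pids {pids}")
```

Two points worth noting when adapting this to real telemetry: the registry checks alone are weak evidence, since installers and inventory agents read the same keys, so score them only in combination with the network or API hits; and the "Deletes itself" rule keys on the sample hash rather than the path, because CryptBot-style droppers typically delete themselves through a separate cmd.exe process, so the deleting process will not be the one whose image matches.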