General
Target: encomendas010-5u44cr2luF.msi
Size: 578KB
Sample: 211218-p3284afaf4
MD5: d1c43bb1c9758eee8d2643731af9be7f
SHA1: 0614681917d21a1d06492583561643599d12d5ac
SHA256: 77178a444840db24cd1398ba699419627ae1ab61bdecda746abd3dd415bccd44
SHA512: 880ca382078957b3b27c289a9696ceac0add7140b11bfa1bd5335d92361682d43ed3d6c6166433dc90e6e7ecb20dffbb6e4bccd887c6cd15fd2478875ba12039
Static task: static1
Behavioral task: behavioral1
  Sample: encomendas010-5u44cr2luF.msi
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: encomendas010-5u44cr2luF.msi
  Resource: win10-en-20211208
Malware Config
Targets
Target: encomendas010-5u44cr2luF.msi
Size: 578KB
MD5: d1c43bb1c9758eee8d2643731af9be7f
SHA1: 0614681917d21a1d06492583561643599d12d5ac
SHA256: 77178a444840db24cd1398ba699419627ae1ab61bdecda746abd3dd415bccd44
SHA512: 880ca382078957b3b27c289a9696ceac0add7140b11bfa1bd5335d92361682d43ed3d6c6166433dc90e6e7ecb20dffbb6e4bccd887c6cd15fd2478875ba12039
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger