General
-
Target
d6067855ac984e670b392dd61df3d362
-
Size
2.6MB
-
Sample
211222-w4bwvsfhb6
-
MD5
d6067855ac984e670b392dd61df3d362
-
SHA1
9320204b0d517cc239a948514982540e6652bbff
-
SHA256
5794e9722cdb1ec697ee0ae9fe5464fb9e85ba3157485d6ecb9cea44455cf37a
-
SHA512
583db7379dd2f7730a2efcf25a118170f59edf6e332f9b946b63df6323317b4d6ff155f9fa4c64041efdc7880fd70714c14b053f2d6ceb330b8ded35e55a8ce9
Static task
static1
Behavioral task
behavioral1
Sample
d6067855ac984e670b392dd61df3d362.exe
Resource
win7-en-20211208
Malware Config
Extracted
cryptbot
daispg32.top
morsvo03.top
Targets
-
Target
d6067855ac984e670b392dd61df3d362
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger