General
Target: e55422d97015ca9945114cebaeba4cbf.exe
Size: 2.7MB
Sample: 211224-j2qwsacfd3
MD5: e55422d97015ca9945114cebaeba4cbf
SHA1: 671d3c900b4aa7b4568e8a4c61a49075fc74484b
SHA256: f3b4f47ab6b09e0b090c6fb6f6145774485e2d043d373ed2971034bf6cd9f420
SHA512: 9453ae884da5d039fa0ca4fc33216b1ca02d2b40831edf534d7fde16a01c045f1c49ae7935ab317cd6f515e21a9a22ee14cbf3a068627b03e334cdc115603f6f
Static task: static1
Behavioral task: behavioral1
  Sample: e55422d97015ca9945114cebaeba4cbf.exe
  Resource: win7-en-20211208
Malware Config
Extracted: cryptbot
  dainfe42.top
  morvtu04.top
Targets
Target: e55422d97015ca9945114cebaeba4cbf.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger