General
Target
4e87844be9a3d598d709ee490b8c9dfb.exe.vir
Size
3.3MB
Sample
211224-plj17aebb8
MD5
4e87844be9a3d598d709ee490b8c9dfb
SHA1
632c200233ab10ad4b6f181c324fdddb0dcf7bfc
SHA256
91197754094edf14d0f25d8d35614e3abeeb924cfa6c90baf243517457aa6ed4
SHA512
697e56257f0ea1294b6d975030f664ccbacfd6a5e1dd7a8931a2a8b5f81423736ba3066cf52a799744219e5e355dba6e0fc2b2166e92e27ab871ca5d9eea362e
Static task
static1
Behavioral task
behavioral1
Sample
4e87844be9a3d598d709ee490b8c9dfb.exe.vir.exe
Resource
win7-en-20211208
Malware Config
Extracted
cryptbot
daiewt53.top
morsod05.top
payload_url
http://liozke07.top/download.php?file=balker.exe
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger