General
-
Target
0f73f9885dc262aa08acb765fdd226d779265e017ca605da15cb887a2b4b9899
-
Size
2.7MB
-
Sample
211227-lpx6fabaeq
-
MD5
5289cac36220c353af14dc3f14faf91a
-
SHA1
5080eb50ad81a2026d0e155af6149b66b21d2777
-
SHA256
0f73f9885dc262aa08acb765fdd226d779265e017ca605da15cb887a2b4b9899
-
SHA512
44225c2abded6d592b5aa33d5dd81b1ba638dd29237ebc6f781ca3d032cb272f36da0447230d32f556556ef201bd27433a48a289c5a65ed9cc49661b20e98d9c
Static task
static1
Malware Config
Extracted
cryptbot
hevbaw12.top
morgki01.top
-
payload_url
http://kyvihm01.top/download.php?file=brunei.exe
Targets
-
-
Target
0f73f9885dc262aa08acb765fdd226d779265e017ca605da15cb887a2b4b9899
-
Size
2.7MB
-
MD5
5289cac36220c353af14dc3f14faf91a
-
SHA1
5080eb50ad81a2026d0e155af6149b66b21d2777
-
SHA256
0f73f9885dc262aa08acb765fdd226d779265e017ca605da15cb887a2b4b9899
-
SHA512
44225c2abded6d592b5aa33d5dd81b1ba638dd29237ebc6f781ca3d032cb272f36da0447230d32f556556ef201bd27433a48a289c5a65ed9cc49661b20e98d9c
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-