General
-
Target
06a6da8543ba7767c8728a2de532d224.exe
-
Size
2.6MB
-
Sample
211229-jr5xysefb9
-
MD5
06a6da8543ba7767c8728a2de532d224
-
SHA1
94772a4b0bd3230ee749d160366c41751e71f1a0
-
SHA256
41df984882b7cb539f1bcc03433f60e2bd7a0313b1e05bda78338d9176d6996b
-
SHA512
50d8b2e89980357b5aa8393b34bd19be16cd0e92bc1e838c7d8b3ae656af6f9b9b4df18b2eb26528b4dd8d6b2b25a5d1cd0ed85316a47596b90ae913523f4d85
Static task
static1
Behavioral task
behavioral1
Sample
06a6da8543ba7767c8728a2de532d224.exe
Resource
win7-en-20211208
Malware Config
Extracted
cryptbot
hevzbn22.top
morwce02.top
-
payload_url
http://kyvgns02.top/download.php?file=finjan.exe
Targets
-
-
Target
06a6da8543ba7767c8728a2de532d224.exe
-
Size
2.6MB
-
MD5
06a6da8543ba7767c8728a2de532d224
-
SHA1
94772a4b0bd3230ee749d160366c41751e71f1a0
-
SHA256
41df984882b7cb539f1bcc03433f60e2bd7a0313b1e05bda78338d9176d6996b
-
SHA512
50d8b2e89980357b5aa8393b34bd19be16cd0e92bc1e838c7d8b3ae656af6f9b9b4df18b2eb26528b4dd8d6b2b25a5d1cd0ed85316a47596b90ae913523f4d85
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-