General
-
Target
bd532d1e7f14ff577daa3a21557eeb31.exe
-
Size
2.6MB
-
Sample
211230-jqzpjsfff2
-
MD5
bd532d1e7f14ff577daa3a21557eeb31
-
SHA1
569003082bf7c286e8e6441eb93fb36c431b2364
-
SHA256
2eab6eeca8ee894e70353f47e930c15fdbd599ae99357b17c2a412d60ecf4d98
-
SHA512
60edfba907820ceb5eddf7369a2bad45fdf86a651b0851fad4bbcac9087fa5f9c38173c27b48f49caebd6339a95a49a3eade8fca1b47f449c05447cb4c3601fe
Static task
static1
Behavioral task
behavioral1
Sample
bd532d1e7f14ff577daa3a21557eeb31.exe
Resource
win7-en-20211208
Malware Config
Extracted
cryptbot
hevtal42.top
morosf04.top
-
payload_url
http://kyrgvz05.top/download.php?file=kulmet.exe
Targets
-
-
Target
bd532d1e7f14ff577daa3a21557eeb31.exe
-
Size
2.6MB
-
MD5
bd532d1e7f14ff577daa3a21557eeb31
-
SHA1
569003082bf7c286e8e6441eb93fb36c431b2364
-
SHA256
2eab6eeca8ee894e70353f47e930c15fdbd599ae99357b17c2a412d60ecf4d98
-
SHA512
60edfba907820ceb5eddf7369a2bad45fdf86a651b0851fad4bbcac9087fa5f9c38173c27b48f49caebd6339a95a49a3eade8fca1b47f449c05447cb4c3601fe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-