General

Target: 61d4f24a3ecfb_Wed013b3d5d701.exe
Size: 2.7MB
Sample: 220105-eyzbjaabgp
MD5: 545067a0a51e1d310a2e2f4de09ec7ab
SHA1: bfff58d02b443f551623d09fb958e681c2fb629d
SHA256: abcacd5822584474d2ee44d7d89a7418d5be58a577118cded92d0f49eb31cbf1
SHA512: c7df582f450594ddf2910533ae48b2e2b1affb17aa1082cff81eb4f5609545e89ed3367d41115ec8be29d4c0a65b707fd172eb3cf60928975b17bc4164299b38
Static task: static1

Behavioral task: behavioral1
  Sample: 61d4f24a3ecfb_Wed013b3d5d701.exe
  Resource: win7-en-20211208
Malware Config

Extracted family: cryptbot
C2 domains:
  zyokao27.top
  moreja02.top
payload_url: http://yaphsq02.top/download.php?file=cantey.exe
Targets

Target: 61d4f24a3ecfb_Wed013b3d5d701.exe
Size: 2.7MB
MD5, SHA1, SHA256, SHA512: identical to the values listed under General
Signatures

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
  Consistent with the payload_url in the extracted config.
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger class stops debug events for that thread from being delivered to an attached debugger; a common anti-debugging step.
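The signatures above are triggered by specific registry paths, a specific thread information class and the hosts in the extracted config. The following Python is an added example, not part of the sandbox report, that turns those triggers into detection logic and runs it over a constructed API trace. The trace format (`pid|api|argument`), the API name sets and the mapping of registry paths to signature names are this example's own assumptions; the registry paths themselves are the well-known VirtualBox ACPI table keys, the BIOS description values and the Uninstall hive, and ThreadHideFromDebugger is THREADINFOCLASS value 17 (0x11).

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Indicators copied from the extracted CryptBot config in the report above.
CRYPTBOT_C2_DOMAINS = {"zyokao27.top", "moreja02.top"}
CRYPTBOT_PAYLOAD_URL = "http://yaphsq02.top/download.php?file=cantey.exe"
CONFIG_HOSTS = CRYPTBOT_C2_DOMAINS | {urlparse(CRYPTBOT_PAYLOAD_URL).hostname}

# ThreadHideFromDebugger is THREADINFOCLASS value 17 (0x11) in the Windows DDK headers.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry paths behind the report's registry-based signatures. The paths are the
# well-known ones; pairing them with the signature names is this example's choice.
REGISTRY_RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     re.compile(r"\\HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(?:SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)),
    ("Checks installed software on the system",
     re.compile(r"\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)", re.I)),
]

# API names a hooking sandbox would log for registry and network activity (assumed set).
REGISTRY_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegQueryValueExW", "RegQueryValueExA",
                 "RegEnumKeyExW", "RegEnumKeyExA", "NtOpenKey", "NtQueryValueKey"}
NETWORK_APIS = {"getaddrinfo", "DnsQuery_A", "DnsQuery_W", "InternetOpenUrlA",
                "InternetOpenUrlW", "URLDownloadToFileW", "WinHttpConnect"}


def parse_event(line):
    """Parse one constructed trace line of the form 'pid|api|argument'."""
    pid, api, arg = line.rstrip("\n").split("|", 2)
    return int(pid), api, arg


def host_of(arg):
    """Return the lowercase host of a URL or of a bare hostname argument."""
    if "://" in arg:
        return (urlparse(arg).hostname or "").lower()
    return arg.split("/", 1)[0].lower()


def classify_event(line):
    """Map one trace line to the set of report signature names it triggers."""
    _pid, api, arg = parse_event(line)
    hits = set()
    if api in REGISTRY_APIS:
        for name, pattern in REGISTRY_RULES:
            if pattern.search(arg):
                hits.add(name)
    elif api == "NtSetInformationThread":
        # The constructed tracer writes the class as decimal or hex; accept both.
        m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", arg)
        if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
            hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
    elif api in NETWORK_APIS:
        if host_of(arg) in CONFIG_HOSTS:
            hits.add("Contacts host from extracted CryptBot config")
    return hits


def scan_trace(lines):
    """Count how many events triggered each signature across a whole trace."""
    counts = Counter()
    for line in lines:
        if not line.strip():
            continue
        for name in classify_event(line):
            counts[name] += 1
    return counts


# Constructed API trace in the shape a sandbox hook might emit; not taken from the report.
SAMPLE_TRACE = """\
1912|RegOpenKeyExW|HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
1912|RegOpenKeyExW|HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__
1912|RegQueryValueExW|HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
1912|RegQueryValueExW|HKLM\\HARDWARE\\DESCRIPTION\\System\\VideoBiosVersion
1912|NtSetInformationThread|ThreadInformationClass=0x11
1912|RegEnumKeyExW|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1912|RegOpenKeyExW|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
1912|getaddrinfo|zyokao27.top
1912|InternetOpenUrlA|http://yaphsq02.top/download.php?file=cantey.exe
1912|getaddrinfo|www.microsoft.com
""".splitlines()

if __name__ == "__main__":
    for name, n in sorted(scan_trace(SAMPLE_TRACE).items()):
        print(f"{n:2d}  {name}")
```

The Run key line and the www.microsoft.com lookup are deliberately benign so the rules can be seen not to fire on ordinary activity; the payload host yaphsq02.top is matched because it is derived from payload_url, not from the C2 list, which is why it is tracked as a separate config-host hit.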