General
- Target: 975feaa8efd0fd8c5710652abc197e2c.exe
- Size: 2.6MB
- Sample: 220105-j7vrxsaden
- MD5: 975feaa8efd0fd8c5710652abc197e2c
- SHA1: 496a40eb59fed8322803c276fbd3cd1624f15e24
- SHA256: 7ebd75f04be7424a2c2faa8be74538af662198fcd6c88bbeb4c99df4991ac06d
- SHA512: 5390a8c3cf049a60610d101299f092ddfaf3e1856dff1b87643bfd6d17d2a7b8690b3cb898659e61d2752785ad3aae3e874aea670944e9ccf8846185b0525549

Static task
- static1

Behavioral task
- behavioral1
- Sample: 975feaa8efd0fd8c5710652abc197e2c.exe
- Resource: win7-en-20211208

Malware Config
- Extracted: cryptbot
- zyobyd22.top
- moreja02.top
- payload_url: http://yaphsq02.top/download.php?file=cantey.exe

Targets
- Target: 975feaa8efd0fd8c5710652abc197e2c.exe
- Size: 2.6MB
- MD5: 975feaa8efd0fd8c5710652abc197e2c
- SHA1: 496a40eb59fed8322803c276fbd3cd1624f15e24
- SHA256: 7ebd75f04be7424a2c2faa8be74538af662198fcd6c88bbeb4c99df4991ac06d
- SHA512: 5390a8c3cf049a60610d101299f092ddfaf3e1856dff1b87643bfd6d17d2a7b8690b3cb898659e61d2752785ad3aae3e874aea670944e9ccf8846185b0525549

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger