General

Target: 86f2df809c0171217f3256bb975e6cb5b2fda17ab3fbbe173ba4fc5faba128f2
Size: 2.6MB
Sample: 220109-qmzzgadhbn
MD5: 11a48632edc8e09578ae7317fd0e4e8e
SHA1: db7cb323639991ff511946fed8ba9331c06ef83b
SHA256: 86f2df809c0171217f3256bb975e6cb5b2fda17ab3fbbe173ba4fc5faba128f2
SHA512: 414b54684236f8ddc0e709be46188ec4ff7755496a63df68239ddd9e4e6f2b94ddf707d64242763accf1719b15fc7beca02367b190c5ca53a8831900df152370
Static task: static1
Behavioral task: behavioral1
Sample: open__with_Pass__1234.exe
Resource: win7-en-20211208

Malware Config

Extracted
Family: cryptbot
C2: hevbxl65.top, mordva06.top
payload_url: http://kyrpdc09.top/download.php?file=tirosh.exe
Targets

Target: open__with_Pass__1234.exe
Size: 2.6MB
MD5: b7514493369e8291696b83bc8fd2d293
SHA1: 336d67e539b20f9075989c82fffb989f3b900edf
SHA256: 0182dd1303e3147c39eb13aa0c5cfafa989f77c000f65c3cc1254034911ad17c
SHA512: 2b8801ce0a2d30d97d00fbbe2c58bd92b32f32fd386833ab4c7baddff1293794b6e082ff0ba778a1806bec96fd2eeebd45c41181b80a1c70bcfcfe129b4a2a43

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), after which debug events from that thread are no longer delivered to an attached debugger; a common anti-debugging measure.
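The three registry-based signatures above (VirtualBox ACPI tables, BIOS description values, Uninstall enumeration) can be reproduced as simple rules over an API trace. The block below is an added example, not the sandbox's own rule code or anything from the sample; the registry paths each rule is keyed on are an assumption drawn from the well-known locations these checks target (the report lists no paths), and the trace records are constructed for the example.

```python
"""Detection logic for the three registry-based signatures in this report, run over
a constructed API trace.  Added example, not the sandbox's own rule code; the
registry paths each signature is keyed on are an assumption drawn from the
well-known locations these checks target, not paths the report lists."""
import re
from collections import defaultdict

# Each signature: (regex over the registry key path, optional set of value names).
# Registry paths are case-insensitive on Windows, so every pattern is compiled with
# IGNORECASE and value names are compared lower-cased; a rule that forgot this would
# miss a sample that opens "hkey_local_machine\software\..." in lower case.
SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values": (
        re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT|SSDT)\\VBOX__", re.IGNORECASE),
        None,
    ),
    "Checks BIOS information in registry": (
        re.compile(r"\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$", re.IGNORECASE),
        {"systembiosversion", "videobiosversion", "systembiosdate",
         "biosvendor", "biosversion", "systemmanufacturer", "systemproductname"},
    ),
    "Checks installed software on the system": (
        re.compile(r"\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
                   re.IGNORECASE),
        None,
    ),
}

# Constructed trace records, "api<TAB>key<TAB>value" (value is empty for key opens).
SAMPLE_TRACE = [
    "RegOpenKeyExW\tHKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__",
    "RegQueryValueExW\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\tSystemBiosVersion",
    "RegQueryValueExW\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\tVideoBiosVersion",
    # Same key, but "Identifier" is not a firmware value: must not fire the BIOS rule.
    "RegQueryValueExW\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\tIdentifier",
    # Lower-cased path, as some samples write it.
    "RegOpenKeyExW\thkey_local_machine\\software\\microsoft\\windows\\currentversion\\uninstall",
    "RegEnumKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    # Ordinary autorun lookup: matches none of the rules above.
    "RegOpenKeyExW\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
]


def parse_trace_line(line):
    """Split one record into (api, key, value); None for a malformed line."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) < 2 or not parts[1]:
        return None
    value = parts[2] if len(parts) > 2 else ""
    return parts[0], parts[1], value


def classify(trace_lines):
    """Return {signature name: [matching records]} for every signature that fired."""
    hits = defaultdict(list)
    for line in trace_lines:
        rec = parse_trace_line(line)
        if rec is None:
            continue
        _api, key, value = rec
        for name, (key_re, value_names) in SIGNATURES.items():
            if not key_re.search(key):
                continue
            if value_names is not None and value.lower() not in value_names:
                continue
            hits[name].append(line)
    return dict(hits)


if __name__ == "__main__":
    for name, records in classify(SAMPLE_TRACE).items():
        print(f"{name}: {len(records)} hit(s)")
        for rec in records:
            print("   ", rec.replace("\t", " | "))
```

The BIOS rule is deliberately narrower than "any read under HARDWARE\DESCRIPTION\System": the key also holds generic values such as Identifier that legitimate software reads, so the rule only fires on the firmware-identifying value names. The Uninstall rule accepts both the native and the Wow6432Node view because a 32-bit sample on 64-bit Windows is redirected to the latter.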