General
Target: 8ea555987f63223d03ccbcf02c5150e3a1ab3a758fdada4044d605028276b367
Size: 2.6MB
Sample: 220111-mrwk3afecp
MD5: ba90252c43fdfdab7f6f6bf285eb3a4f
SHA1: 0d77ebe49cdc236ce9fd05b4099ac49935287987
SHA256: 8ea555987f63223d03ccbcf02c5150e3a1ab3a758fdada4044d605028276b367
SHA512: 288f849d72e551e1521f6b6fec0b002bd1c03cf22c3a5f8995c565717c33426453d5c21e790f3be8954f4d275cf37e36293cbb7ecbf350f5700764469d117e8f
Static task: static1

Malware Config
Extracted: cryptbot
kotbri22.top
moruzj02.top
payload_url: http://okavor03.top/download.php?file=acaboa.exe
Targets
Target: 8ea555987f63223d03ccbcf02c5150e3a1ab3a758fdada4044d605028276b367
Size: 2.6MB
MD5: ba90252c43fdfdab7f6f6bf285eb3a4f
SHA1: 0d77ebe49cdc236ce9fd05b4099ac49935287987
SHA256: 8ea555987f63223d03ccbcf02c5150e3a1ab3a758fdada4044d605028276b367
SHA512: 288f849d72e551e1521f6b6fec0b002bd1c03cf22c3a5f8995c565717c33426453d5c21e790f3be8954f4d275cf37e36293cbb7ecbf350f5700764469d117e8f
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger