General
Target: c2622be2032171119c7322317dcb51a34a16be740698c9098009a4f6d89f0cf8.zip
Size: 424KB
Sample: 220111-nnyrpafffm
MD5: 10ca5ffa6b758063cc8dc91022db54c8
SHA1: 83e2c279d119d060d163b1a01d45fe3c7245fe32
SHA256: 665f3007a2c63bcf902cc8071ee7bcbfb0292729772b50c7d64e534ad98c55cc
SHA512: 3dc8897b3b4a6dad0082beedcbe6305a6bdc787fda82355dbe81817c5b967d53493c3e814260abfaed4dcd8a632500ae82a64d9e583a2d10169adc5c077457ab
Static task: static1
Behavioral task: behavioral1
Sample: Open__Setup_1234.exe
Resource: win7-en-20211208
Malware Config
Extracted: cryptbot
- kotxdy28.top
- moruzj02.top
payload_url: http://okavor03.top/download.php?file=acaboa.exe
Targets
Target: Open__Setup_1234.exe
Size: 827KB
MD5: 4d3d1ad82beb0f91c475ba56b7f82bdd
SHA1: 868b82c80f770a97d88ccb6b6af9ce33c5039d5b
SHA256: c2622be2032171119c7322317dcb51a34a16be740698c9098009a4f6d89f0cf8
SHA512: e226097fa158eaf7e8dc541bca0248930e5b9546d1a96583ef32f8480b7a28f4147265c814b6d889a0844d1e25fa5c9b302c92c3efe3b2d0d58a3e770593e3a4
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger