General
- Target: By_Eddy_1.exe
- Size: 8.4MB
- Sample: 220113-mekm2ahdc7
- MD5: 5e868a8ad8c19dc229d55c7e7592cb3e
- SHA1: 2a2ce601ecab1c6fbea735e7e0a10f46b97c6aea
- SHA256: 6c9ff81bf9fef1c18aa6f69ff0b478d39ad22d2f02b8fd1c5231aeb5c991edef
- SHA512: c14a64491021069b6d60b8a2b91b61091036435c3f9547d0998abaf0c5ef9706fae331674875684f3eb964b08861f547a19b5798803bf32cb49c20eed9d3a949
Static task: static1
Behavioral task: behavioral1
- Sample: By_Eddy_1.exe
- Resource: win7-en-20211208
Malware Config
Targets
- Target: By_Eddy_1.exe
- Size: 8.4MB
- MD5: 5e868a8ad8c19dc229d55c7e7592cb3e
- SHA1: 2a2ce601ecab1c6fbea735e7e0a10f46b97c6aea
- SHA256: 6c9ff81bf9fef1c18aa6f69ff0b478d39ad22d2f02b8fd1c5231aeb5c991edef
- SHA512: c14a64491021069b6d60b8a2b91b61091036435c3f9547d0998abaf0c5ef9706fae331674875684f3eb964b08861f547a19b5798803bf32cb49c20eed9d3a949
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner Payload
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext