General
Target: Open_File__Setup__3456.exe
Size: 2.4MB
Sample: 220115-tmdysafbdj
MD5: ce0635542db5e01faf2ad9e993b49f89
SHA1: 3d1cee7769e9007518645cfc42b8e010a6fa8dda
SHA256: bf8ad824079b1874e69533189ff017da98a6547e0d88af78242208ed3690bd8d
SHA512: 9ec84c22a5c185aaf8c44f3ce9dd331c850de9661af2b700d0432f555e132e128e4b2a4afd4990569dafc199bc83268983ca4dc09a071ad80a129c5f49403fb9
Static task: static1
Behavioral task: behavioral1
Sample: Open_File__Setup__3456.exe
Resource: win7-en-20211208
Malware Config
Extracted: cryptbot
kotidu68.top
morzaq06.top
payload_url: http://okadoc09.top/download.php?file=makeyr.exe
Targets
Target: Open_File__Setup__3456.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger