General
-
Target
Activate__Full__Setup.exe
-
Size
2.5MB
-
Sample
220119-tr9w1sbdh8
-
MD5
1e07343c234d91c56b9dd6618fe2707e
-
SHA1
f6d0f9b4543897d9cc5fa6cf98003b74cdf5c237
-
SHA256
32d3346ff0178589981d808bfd950b5867e6245bd659d27341269af83785bd6e
-
SHA512
a8ecc970e83fada0bff522321376987e28224f57782deabb69c986be6f7caa9c0f9e7c85d6350ac7236f1a7c6b2e1d44230f9a92a59770793c5b2fb3df52de9b
Static task
static1
Behavioral task
behavioral1
Sample
Activate__Full__Setup.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
Activate__Full__Setup.exe
Resource
win10-en-20211208
Behavioral task
behavioral3
Sample
Activate__Full__Setup.exe
Resource
win11
Malware Config
Targets
-
-
Target
Activate__Full__Setup.exe
-
Size
2.5MB
-
MD5
1e07343c234d91c56b9dd6618fe2707e
-
SHA1
f6d0f9b4543897d9cc5fa6cf98003b74cdf5c237
-
SHA256
32d3346ff0178589981d808bfd950b5867e6245bd659d27341269af83785bd6e
-
SHA512
a8ecc970e83fada0bff522321376987e28224f57782deabb69c986be6f7caa9c0f9e7c85d6350ac7236f1a7c6b2e1d44230f9a92a59770793c5b2fb3df52de9b
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-