General
Target: s.exe
Size: 8KB
Sample: 220120-k6zvxshce4
MD5: 9117ec9c09a548e549b5a85431d621ae
SHA1: d7bf8b631eb814a0d41318fe3d97c45264739e19
SHA256: 5beb552d751f5866dece29a1a6d17ed03f71870161b8d6d07882883359da6e3f
SHA512: 2f4b71e44a979f2d343f76af85868740608178a4c21f0e87ec63f0f9077517c8894db85ec4f6084980e061ce8eeef011decf31cb7f9d0d636c0c34d43aa9d59b
Static task: static1
Behavioral task: behavioral1
  Sample: s.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: s.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: mnayarhaytham2022@gmail.com
Password: mayarhaytham0106214438
Targets
Target: s.exe (8KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Nirsoft
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger