General
-
Target
Open___Full__Setup__3456.exe
-
Size
2.5MB
-
Sample
220131-bsyk9sdhc2
-
MD5
bb2e28ec4f00491a1678c0d2772ddd68
-
SHA1
0217f0c082acc73a472a51eef7b1a7b2dffd3d1d
-
SHA256
af9545784edefd0e644ebd910a6f09fe4def979483fe5058e8c92716e40c5f19
-
SHA512
afd5704e40b80881a492e5d76ce9ce8c7c2dc6bada6399a461cc9627204dd69820b41afd9ca821d873b14b00ba3d308bda469a06f9b0cc2717cfedff903b9087
Static task
static1
Behavioral task
behavioral1
Sample
Open___Full__Setup__3456.exe
Resource
win7-es-20211208
Malware Config
Targets
-
-
Target
Open___Full__Setup__3456.exe
-
Size
2.5MB
-
MD5
bb2e28ec4f00491a1678c0d2772ddd68
-
SHA1
0217f0c082acc73a472a51eef7b1a7b2dffd3d1d
-
SHA256
af9545784edefd0e644ebd910a6f09fe4def979483fe5058e8c92716e40c5f19
-
SHA512
afd5704e40b80881a492e5d76ce9ce8c7c2dc6bada6399a461cc9627204dd69820b41afd9ca821d873b14b00ba3d308bda469a06f9b0cc2717cfedff903b9087
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-