General
- Target: 631d0685ab6d3fe4366e214b4df464bd827010ba7cbbacf3646421b11437be36
- Size: 2.8MB
- Sample: 220207-q68qqacff8
- MD5: a8ec76c0bdfeca4cae17bd1f65b65171
- SHA1: 1f1810a5115c2ec982151c322e64dae5aa65e5ab
- SHA256: 631d0685ab6d3fe4366e214b4df464bd827010ba7cbbacf3646421b11437be36
- SHA512: 3fdfe0db41e76aa60f157a7421684c58a7326b04ded6f03616730da8f613a6483b65580898be7de9eb0fb04eade3d45c8c0db3f4820329b97250e829f8805be7
Static task: static1
Behavioral task: behavioral1
- Sample: 631d0685ab6d3fe4366e214b4df464bd827010ba7cbbacf3646421b11437be36.exe
- Resource: win7-en-20211208
Malware Config
Targets
- Target: 631d0685ab6d3fe4366e214b4df464bd827010ba7cbbacf3646421b11437be36
- Size: 2.8MB
- MD5: a8ec76c0bdfeca4cae17bd1f65b65171
- SHA1: 1f1810a5115c2ec982151c322e64dae5aa65e5ab
- SHA256: 631d0685ab6d3fe4366e214b4df464bd827010ba7cbbacf3646421b11437be36
- SHA512: 3fdfe0db41e76aa60f157a7421684c58a7326b04ded6f03616730da8f613a6483b65580898be7de9eb0fb04eade3d45c8c0db3f4820329b97250e829f8805be7
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger