General
Target: dd96b13e82e44ba3b20e0ef08bedd0342cc7347339292388f29d9c7539e71df1
Size: 2.7MB
Sample: 220211-c8kj1sbegn
MD5: 3aad5cb245c67dcc227bda1dd4ffc88b
SHA1: 13be9d3f00503f3faf7233815f5adcc3357993bd
SHA256: dd96b13e82e44ba3b20e0ef08bedd0342cc7347339292388f29d9c7539e71df1
SHA512: 9efa9aea5dc722519fe15127a6bf24cd7c45113414734c3da8089a1ab13cfe34120ecdf2aca5972d25078d4f4752b2a7ef91d61ad808c1692308fe8287c8be2f
Static task: static1
Behavioral task: behavioral1
Sample: dd96b13e82e44ba3b20e0ef08bedd0342cc7347339292388f29d9c7539e71df1.exe
Resource: win7-en-20211208
Malware Config
Extracted: cryptbot
zyodof42.top
moregv04.top
payload_url: http://yaplzm05.top/download.php?file=bargen.exe
Targets
Target: dd96b13e82e44ba3b20e0ef08bedd0342cc7347339292388f29d9c7539e71df1
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger