General
- Target: 3adaf2bfb411db2b56601739580b8577a11089beffa33df2edbc9369c2e4faa7
- Size: 8.4MB
- Sample: 220212-kgvvnsbgbr
- MD5: 01916ff0453c0730f2a6f4a822840722
- SHA1: 1616f0667616e90847d0585923ba1af1773371ab
- SHA256: 3adaf2bfb411db2b56601739580b8577a11089beffa33df2edbc9369c2e4faa7
- SHA512: b296150c4cecff1324db41a61ab18b3944a27972abf1f752720efe62f803f56f2d1a4917b96f560e28238dcfc472300749e090a45575a40772af98303226c8a4
Static task: static1
Behavioral task: behavioral1
Sample: 3adaf2bfb411db2b56601739580b8577a11089beffa33df2edbc9369c2e4faa7.exe
Resource: win7-en-20211208
Malware Config
Extracted: cryptbot
- tisysc64.top
- morvak06.top
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger