General
-
Target
b543353168aed0d8f97bf242c27cebcae520a36aabbd5feddf3331611ec5afc9
-
Size
6.1MB
-
Sample
220215-hn9lasbhh8
-
MD5
d17ddf62b40c19e794160069d3e970ae
-
SHA1
d0371179c03af231a8b07d175141944cb32a5115
-
SHA256
b543353168aed0d8f97bf242c27cebcae520a36aabbd5feddf3331611ec5afc9
-
SHA512
5b1a40e9a2399c6bb7dffd4340859a91a3acc6b8f28e7cafdc1d8df74be1f8a2bb63e76f14305788654f862f3247805cbcf3a94059496e154b5bd239e4eebc7f
Static task
static1
Behavioral task
behavioral1
Sample
b543353168aed0d8f97bf242c27cebcae520a36aabbd5feddf3331611ec5afc9.exe
Resource
win7-en-20211208
Malware Config
Targets
-
-
Target
b543353168aed0d8f97bf242c27cebcae520a36aabbd5feddf3331611ec5afc9
-
Size
6.1MB
-
MD5
d17ddf62b40c19e794160069d3e970ae
-
SHA1
d0371179c03af231a8b07d175141944cb32a5115
-
SHA256
b543353168aed0d8f97bf242c27cebcae520a36aabbd5feddf3331611ec5afc9
-
SHA512
5b1a40e9a2399c6bb7dffd4340859a91a3acc6b8f28e7cafdc1d8df74be1f8a2bb63e76f14305788654f862f3247805cbcf3a94059496e154b5bd239e4eebc7f
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-