General
- Target: Main__File.exe
- Size: 3.8MB
- Sample: 220307-xzpgtsaebn
- MD5: 1ed83087be2b1284b30649a8da6a684d
- SHA1: 1ac6f1f0e7c9c068105ed97e25cdee72abd029ab
- SHA256: ac4f3f5419ba904e15370cdaa5999b764e139fe0029d643563503b7c6560b756
- SHA512: 0b18f961a77e1482e30b14a4d1ef63dfcca16dd41db09a47d0b23f9a2217688b50ecc88e3e4281009663c31ec1ec5c1a22b94bdc9398687d8af940230a5aed1d
Static task
- static1
Behavioral task
- behavioral1
- Sample: Main__File.exe
- Resource: win7-20220223-en
Malware Config
Targets
- Target: Main__File.exe
- Size: 3.8MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger