General
Target: 111eb3a585b4174c3f222f2ab08fae82dee466415a4f8253754478559963df3d
Size: 1.7MB
Sample: 220326-g99yhshce6
MD5: 5de44904fb635506bc43de4fe10c1d38
SHA1: b7800af591a87fe99577786b98aa09107e0c4fc8
SHA256: 111eb3a585b4174c3f222f2ab08fae82dee466415a4f8253754478559963df3d
SHA512: a6462530b591c8222e7cfff9767a412f93ca5d39c56098a5f69724ca606eed70365b904b23939a8dac6aa8bbe398d1aec145d4054af2c4c24d1d757a1e82a73b
Static task: static1
Behavioral task: behavioral1
  Sample: 111eb3a585b4174c3f222f2ab08fae82dee466415a4f8253754478559963df3d.exe
  Resource: win7-20220311-en
Behavioral task: behavioral2
  Sample: 111eb3a585b4174c3f222f2ab08fae82dee466415a4f8253754478559963df3d.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted
njrat
0.7d
Zombie
pussy.n-e.kr:5552
b62c95af1d1020e4f746a6e36fa2ec48
reg_key: b62c95af1d1020e4f746a6e36fa2ec48
splitter: |'|'|
Targets
Score: 10/10
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Modifies Windows Firewall
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext