General
Target: fses09.ig
Size: 4.8MB
Sample: 220429-p1aq3aaea3
MD5: 128df60c1a391a1df118f59c23c8cf40
SHA1: f19db46857534d6509460d671abb67e9df50df0b
SHA256: b36104f19ed61faca68a6ecdf9e6a69c11c7502374d17b7b6b91895b2468e506
SHA512: 422425f6e6e886da43079dc8583d65df427b1b3dcfadf4fc37427035f5accc8d15cbedf6eb53bb34e0cfe04e5af6c816d70d9339daff88ca2183d4f05b9d5312
Static task: static1

Malware Config

Targets
Target: tAIpbmQIFr.aoc
Size: 8.3MB
MD5: 43ec1335c6942f75f1767145382f6f05
SHA1: 0a72d5292297baa68b4f6fb69a2dca4bff8a54f1
SHA256: 0facb1550bf9eb5393d10942c99f5171806927e5c221d8db33468287f16efa88
SHA512: 547f7db51f8281dc1f6e7ce17b1fc8b3d3b675fdfd59451b620d4e6f0708c62ce87e6836c3e981c5867396a05f7c14a27eaf12bcb1d4065a6b74d946886973a5
- Registers COM server for autorun
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Installed Components in the registry
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger