General
-
Target
deb4b809f9360df97d5991701bb4ce8d6f0a2b929e1459ea509299b3bfa65d62
-
Size
7.6MB
-
Sample
220516-xfh6psehfj
-
MD5
efc5d47f6d5aa4dbd22cd109aa13ac30
-
SHA1
6427617947cca1dc78c5091dcb2c051ab8d5b949
-
SHA256
deb4b809f9360df97d5991701bb4ce8d6f0a2b929e1459ea509299b3bfa65d62
-
SHA512
0bf945e9f5f84ed82df9d6c160fb495b0f0e121f86e03ee3cd7acad1e0059d914fffde6ea8e3322015aa184792bbd0f9e9f85697ef9a1d06e172b693f839af29
Static task
static1
Behavioral task
behavioral1
Sample
deb4b809f9360df97d5991701bb4ce8d6f0a2b929e1459ea509299b3bfa65d62.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
deb4b809f9360df97d5991701bb4ce8d6f0a2b929e1459ea509299b3bfa65d62
-
Size
7.6MB
-
MD5
efc5d47f6d5aa4dbd22cd109aa13ac30
-
SHA1
6427617947cca1dc78c5091dcb2c051ab8d5b949
-
SHA256
deb4b809f9360df97d5991701bb4ce8d6f0a2b929e1459ea509299b3bfa65d62
-
SHA512
0bf945e9f5f84ed82df9d6c160fb495b0f0e121f86e03ee3cd7acad1e0059d914fffde6ea8e3322015aa184792bbd0f9e9f85697ef9a1d06e172b693f839af29
-
HiveRAT Payload
-
Looks for VirtualBox Guest Additions in registry
-
XMRig Miner Payload
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-