General
- Target: 8338faf6ce09d10c980488279700292d4ca6c78eec9e4a37f2a38dff69d8a2ac
- Size: 6.7MB
- Sample: 220521-bag6kabeh5
- MD5: 15876cb731a6c60ec0f618e709c18d3f
- SHA1: 2663a1180fd00ad88b52d1059d29418c969dd814
- SHA256: 8338faf6ce09d10c980488279700292d4ca6c78eec9e4a37f2a38dff69d8a2ac
- SHA512: a5248376e144c14c42fbc34a2820f1544326328c60b7329f192b5b543c91369a56527b9128316348d2b90210ebe9abdbadfba42a44729d4c893d9c510eabead3
Static task: static1
Behavioral task: behavioral1
Sample: ORDER_DE.exe
Resource: win7-20220414-en
Malware Config
Targets
- Target: ORDER_DE.EXE
- Size: 6.2MB
- MD5: 3fce564b4a23ca5adf5366cc1fe52da8
- SHA1: 4b01fe152fe31611b323c504946c4c3ff266cc4b
- SHA256: 39e57f2225122f4f46e67122bc5a6b49715c21a064c59e322690084305260b62
- SHA512: 02bda5430cccb04adb000845d461f1d6da6858f46b17770224a26fcc6d67eba1ca2e8563fc66d7659171fe48a019c306ef97f6e8a7999e1a4f2d6060608d0df0
- ACProtect 1.3x - 1.4x DLL software
  Detects a file packed with ACProtect software.
- Looks for VirtualBox Guest Additions in registry
- Executes dropped EXE
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandbox environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandbox environments.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext