General
- Target: 08ef6479ea772726db377eb7251bf448877d3c1867242865def381222c5149a8
- Size: 4.3MB
- Sample: 220530-y5cwnadhcr
- MD5: fadc761864c9f8819b963a0bdc893357
- SHA1: ee8643450535ba5a0ddfe80076241fa0ba10fc53
- SHA256: 08ef6479ea772726db377eb7251bf448877d3c1867242865def381222c5149a8
- SHA512: 712631c50fe0cf61278d194eb30d10f8940b9068dd906d8b3d9cc14b7639123cb8e4dc4bddd9e9ef768c86b0cda066b7886a3961cf9c0bdf69e96a58d985171e
Static task: static1
Behavioral task: behavioral1
Sample: 08ef6479ea772726db377eb7251bf448877d3c1867242865def381222c5149a8.exe
Resource: win7-20220414-en
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger