General
-
Target
1f6f84590c65b33e57d56ac58723bb255342a8cc9290ad7cf54041c9ad5103ae
-
Size
2.2MB
-
Sample
220612-wkbfzsedd5
-
MD5
c9f0723f619ad123e8f27adf28646d56
-
SHA1
1093e9089c4b0dad95cbb09c2953eb4aaf439966
-
SHA256
1f6f84590c65b33e57d56ac58723bb255342a8cc9290ad7cf54041c9ad5103ae
-
SHA512
51d7781b1160f633e221d877cba33a12ee65d2a75e3e429d53b18f4768996e1e0ea0578096963ab0cf70dd4873ad0084efc02fad45a3a773ab3fe7ab9f256b47
Static task
static1
Behavioral task
behavioral1
Sample
1f6f84590c65b33e57d56ac58723bb255342a8cc9290ad7cf54041c9ad5103ae.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
1f6f84590c65b33e57d56ac58723bb255342a8cc9290ad7cf54041c9ad5103ae
-
Size
2.2MB
-
MD5
c9f0723f619ad123e8f27adf28646d56
-
SHA1
1093e9089c4b0dad95cbb09c2953eb4aaf439966
-
SHA256
1f6f84590c65b33e57d56ac58723bb255342a8cc9290ad7cf54041c9ad5103ae
-
SHA512
51d7781b1160f633e221d877cba33a12ee65d2a75e3e429d53b18f4768996e1e0ea0578096963ab0cf70dd4873ad0084efc02fad45a3a773ab3fe7ab9f256b47
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-