General
Target: ID-22Fact.1655918006.zip
Size: 909B
Sample: 220622-y34xcsdae8
MD5: 3f2cc04c06e426b507a9cdced333ab63
SHA1: 93f1891e81a08b6a7df02fdd09d4696c7a25c85c
SHA256: cd926b9d7e5fba60c79da0fce1555c19e94b9dda7bca36d2150283b0472c9072
SHA512: bf46abe0195395f4c99e6e8cf430e5ab04e2201dddb01c5562aa8841a41c19445a6946422b0e9454cdf20d7bd3b58968cef3a16ab86a06d67963e869ffacdf24
Static task: static1
Behavioral task: behavioral1
  Sample: F-actura0622.bat
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: F-actura0622.bat
  Resource: win10v2004-20220414-en
Malware Config
Extracted: http://20.91.202.137//?a=Z0DEXUBSWD7FE45T3JHBMMJXCW3DON98P9LY3SRT
Targets
Target: F-actura0622.bat
Size: 1KB
MD5: 6cef8304265178796921535f0a2e9c03
SHA1: 07275c43ac049126b967325baf984e3def7af1ed
SHA256: db9c0fd3a144ea0a24d8d65841ae94f7336ed420428dd455ed4b27ac081949c5
SHA512: 1a2fa8832ed844fad8b704754f929df1ed71931f043571f3c0d9e6025ff821b0169c028f15062df10bb350668522e9f17af14a1dd81283c5222b01af974157f3
Score: 10/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger