General
Target: d9f01436c890d26da55d5caa1999e73ef71fab82310ee65ea7d038a7e9ad5374
Size: 4.3MB
Sample: 220625-fd86nsghe5
MD5: 328ebad3b9024940b56a758598dd9811
SHA1: 915ad091b5d250ff94aa2aec146dc5214558b0d8
SHA256: d9f01436c890d26da55d5caa1999e73ef71fab82310ee65ea7d038a7e9ad5374
SHA512: 2975063ec08f72a5d8747c84cb32efba335263f35f21daa137839262f82197b79658b450dec676a3a6887c229929210823fedc56630cea2137e2b9728bb405a1
Static task: static1
Behavioral task: behavioral1
Sample: d9f01436c890d26da55d5caa1999e73ef71fab82310ee65ea7d038a7e9ad5374.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: d9f01436c890d26da55d5caa1999e73ef71fab82310ee65ea7d038a7e9ad5374
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger