General

- Target: dfa838aa7b2d2131aeb52019f617fd10f13a27db4d50cb959623bfd84ca7c109
- Size: 2.0MB
- Sample: 220625-gjmejaafb2
- MD5: c52b15f4a09ce8787319bdc694965adb
- SHA1: 7e9629ba5ea2d5889a4e55a81ef959ed4631bcae
- SHA256: dfa838aa7b2d2131aeb52019f617fd10f13a27db4d50cb959623bfd84ca7c109
- SHA512: 83045e45d98f13882887f25c80353f546f595d8f94974779971e318a31a8ab37870964eeee1c199233ee99457af89688e67a0f61bf9182a35320b844f19f3146
Static task

- static1

Behavioral task

- behavioral1
  - Sample: dfa838aa7b2d2131aeb52019f617fd10f13a27db4d50cb959623bfd84ca7c109.exe
  - Resource: win7-20220414-en

Behavioral task

- behavioral2
  - Sample: dfa838aa7b2d2131aeb52019f617fd10f13a27db4d50cb959623bfd84ca7c109.exe
  - Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: dfa838aa7b2d2131aeb52019f617fd10f13a27db4d50cb959623bfd84ca7c109 (size and hashes as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger