General
- Target: 62648d0b64bbd4f5e4be007c752b174203384145604833b15eb967b0efa9ec30
- Size: 8.6MB
- Sample: 220625-lr98safchm
- MD5: 1d0f0178e9fe7c70684b48699b6b327a
- SHA1: 538b422631bf46c9647aac19d542cad8e910bc37
- SHA256: 62648d0b64bbd4f5e4be007c752b174203384145604833b15eb967b0efa9ec30
- SHA512: 8f0c41459589c14a8a010e1a2eadecd17c89189ef492b9828c76cd350a7af103c2e4f38dc47d38fc127a0a963a74972b8fbea7006acfbf335145372f2b0dfdb2

Static task: static1
Behavioral task: behavioral1
- Sample: 62648d0b64bbd4f5e4be007c752b174203384145604833b15eb967b0efa9ec30.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Target: 62648d0b64bbd4f5e4be007c752b174203384145604833b15eb967b0efa9ec30
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger