General
-
Target
s8rp8qf1DaKw.exe
-
Size
12.2MB
-
Sample
220629-wzh5dadfa7
-
MD5
bb8bf83d5fe4bc0f4b176350d16e8034
-
SHA1
27bba37957ce28558fbb8d36d379ec19bab1253b
-
SHA256
498d9aadff8469c14f053423fc2391b602ac2c74a4f93e3d121625579cf23f57
-
SHA512
bbe2bb4b95e1ecb5bb8bae784c684c6b2af0ba03fff1f1c80c6bf7cc3bf8ca6fdb519a041400a43f0acc7a0a3a2cf08118be2e3537cc945a0b6067875645f5d6
Malware Config
Targets
-
-
Target
s8rp8qf1DaKw.exe
-
Size
12.2MB
-
MD5
bb8bf83d5fe4bc0f4b176350d16e8034
-
SHA1
27bba37957ce28558fbb8d36d379ec19bab1253b
-
SHA256
498d9aadff8469c14f053423fc2391b602ac2c74a4f93e3d121625579cf23f57
-
SHA512
bbe2bb4b95e1ecb5bb8bae784c684c6b2af0ba03fff1f1c80c6bf7cc3bf8ca6fdb519a041400a43f0acc7a0a3a2cf08118be2e3537cc945a0b6067875645f5d6
Score9/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
CryptOne packer
Detects CryptOne packer defined in NCC blogpost.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-