General
Target: 3e4f235697282e8f59af60dedbb4a5e53c2e344a876d78b8e6174a54366f16f1
Size: 3.8MB
Sample: 220701-jpazsscbd3
MD5: ba8ae30fabb76bbbfa36e93af3d5a036
SHA1: 73a9e8c4c3024b332a6ce8604aded9220fafa3a7
SHA256: 3e4f235697282e8f59af60dedbb4a5e53c2e344a876d78b8e6174a54366f16f1
SHA512: f3bc6c8ed5b9da02ff68c575bd88f1fd2951f572634d12a816d26cc4bee3f19d2db4031139177285f151dc36d04560583b5abad94970850c484606eb313b4d41
Static task: static1
Behavioral task: behavioral1
Sample: 3e4f235697282e8f59af60dedbb4a5e53c2e344a876d78b8e6174a54366f16f1.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: 3e4f235697282e8f59af60dedbb4a5e53c2e344a876d78b8e6174a54366f16f1 (3.8MB; MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger