General
-
Target
Setup.zip
-
Size
7.9MB
-
Sample
220705-y4s69aeec3
-
MD5
bddd663983d736ef1eebae80ca9e47c7
-
SHA1
c106fc82e365520215574de59a6c8a4ba118e9e3
-
SHA256
f054473c6d1f29569c8a1784ebfe5406b9f5b5740bf9f361c4f7b1017eb3c7e8
-
SHA512
03f66370c24d763aa8fa47228acce83765e6146dc2b838665828943fc0167968b8f1bf98e68537f496d3a6e4c92041cc901d3adfcbbe405e7142765f1bb53630
Malware Config
Targets
-
-
Target
Setup.exe
-
Size
727.8MB
-
MD5
0cbdf5f35f95ce64d6e7fb2e4ef95836
-
SHA1
e19a9ac85198437858b1f6281de3db9b907a816f
-
SHA256
c6b58e85804228ea3e35cdb3a743737c3963d365afc17af7937aa95975904df2
-
SHA512
78d68daf50b2c85ac51ed510834b228ed5b8de64cc1393c51a593bd034edb7cd4a46c343e414c3b7902efe1deb1f48bdd5f087deb3aa1a678a804fb9c53c71a1
Score10/10-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-