General
- Target: e388c7a9669dbaeb03e7b9aac9f8103171e44fe767a6270bcc922054e90ef343
- Size: 4.0MB
- Sample: 220706-xbfj1sfheq
- MD5: 3a1092aa460540bcd35e203546b64fd3
- SHA1: 03882edef15af619f8df6ab69667282f27894a5f
- SHA256: e388c7a9669dbaeb03e7b9aac9f8103171e44fe767a6270bcc922054e90ef343
- SHA512: 1ad275b1d7551076761b621835f6b3cd7b8d717289229beb47e4c15812976e5d1df92e1a9734a29ae06d8ccb27b03f90bbf1be63a1b635bf82dbb5c3614a9c7b

Static task: static1

Behavioral task: behavioral1
- Sample: e388c7a9669dbaeb03e7b9aac9f8103171e44fe767a6270bcc922054e90ef343.exe
- Resource: win7-20220414-en

Malware Config

Targets
- Target: e388c7a9669dbaeb03e7b9aac9f8103171e44fe767a6270bcc922054e90ef343 (4.0MB; same MD5, SHA1, SHA256 and SHA512 as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Drops file in Drivers directory
- Modifies Windows Firewall
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments)
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Matrix (ATT&CK v6)

Persistence
- Modify Existing Service (1)
- Hidden Files and Directories (2)
- Registry Run Keys / Startup Folder (1)

Defense Evasion
- Virtualization/Sandbox Evasion (1)
- Hidden Files and Directories (2)
- Modify Registry (1)