General
-
Target
Main_FiIe_Pass_1234.rar
-
Size
6.6MB
-
Sample
220707-psn9gsacd5
-
MD5
0f750f318b2781929f57ce730714ea65
-
SHA1
ca94affc484b01a6c00a9b8750ec197825079535
-
SHA256
cad2f55a065b22ead74a31412134b7a5c6cacb80148440bb1e43da8e85404b3d
-
SHA512
a135da2d8cb966198e782df575cf741ded9cfe78307a6eeccb890664f59535ca7ea272207d3b82af7ac7abf9c77c8519d2ae5418ecd9f52470d173117d1b3c45
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
Setup.exe
-
Size
392.0MB
-
MD5
a8fb781c820b1c4ac317780343fad645
-
SHA1
8c2a0f9023046b0d1e77a6f43d08ba6350ef2fcc
-
SHA256
674da85d1296fed6ad7020f9456361c10d3adeea9422d557ebee6998cf130a81
-
SHA512
ceefada6303c645a58c52fbbafeda4e3889cb589d72c5293d9f2e7c00a3893be88367cc11a0e222d2f12abcf1bcc3c533feb4e79bf859968a547c6db4f4bdb8a
-
suricata: ET MALWARE Generic .bin download from Dotted Quad
suricata: ET MALWARE Generic .bin download from Dotted Quad
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-