General
Target: a1ac778bf577c08427a07d56b3cbb032d064cfe111e63662e08f3d06eef75adf
Size: 4.1MB
Sample: 220708-k6w42aaggp
MD5: 86f25489052a06a801557e86481eb4ff
SHA1: 93da8b350f7be13a5a0f89d6a85b17687a7ff78b
SHA256: a1ac778bf577c08427a07d56b3cbb032d064cfe111e63662e08f3d06eef75adf
SHA512: 9209fe7359c03a25fc1dc7b4d4c03fa3f6e12935ee450562be447598cc8b4bb1357fe0625603f4f00a8aa47bebb9b388cef67583887f97bb16dfc40c6a3144d5
Static task: static1
Behavioral task: behavioral1
Sample: a1ac778bf577c08427a07d56b3cbb032d064cfe111e63662e08f3d06eef75adf.exe
Resource: win7-20220414-en
Malware Config
Extracted
bitrat
1.33
venomzilla07.ddns.net:64019
communication_password: 99cff31f078fc5dbb590386c5ea458de
tor_process: tor
Targets
Target: a1ac778bf577c08427a07d56b3cbb032d064cfe111e63662e08f3d06eef75adf
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext