General
Target: 8cf91ab56b76fa08c150ab82a820dadd9258a518853fa2fd5f888c72b218755e
Size: 3.9MB
Sample: 220708-t1985scef7
MD5: dd4545c556991a9e8845d69ceaadc545
SHA1: dd3446d90d8e31a185ad967f8f1a31e4c663d971
SHA256: 8cf91ab56b76fa08c150ab82a820dadd9258a518853fa2fd5f888c72b218755e
SHA512: 264234045036992a7c8c31847a0cc15d23e72919606241934fd40c71bdc1601f921c363dc441cab47e24daa344f43f3092a5fa4d0e90962cba1aa39e3df2a52d
Static task: static1
Behavioral task: behavioral1
Sample: 8cf91ab56b76fa08c150ab82a820dadd9258a518853fa2fd5f888c72b218755e.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: bitrat
Version: 1.33
C2: 23.105.131.186:9000
communication_password: c4ca4238a0b923820dcc509a6f75849b
tor_process: tor
Targets
Target: 8cf91ab56b76fa08c150ab82a820dadd9258a518853fa2fd5f888c72b218755e
Size: 3.9MB
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext