General
Target: 537534bb72f2f3945b9d4fcbfc30425eb4f9faeaac120fc560a130a11121e68b
Size: 2.1MB
Sample: 220716-3t4x8agdbq
MD5: e4ea85000f7e19cd745aaebca5309b58
SHA1: 562370dcc59955b44bbf5509c7467c70e8256d11
SHA256: 537534bb72f2f3945b9d4fcbfc30425eb4f9faeaac120fc560a130a11121e68b
SHA512: 4126a75fb73aafe6cc4d09bcbe601c9238ee6ecd044f342c65e659c7b5abb8a28e9f69d891975d68175edc0777c2c39ce11e7ae354257a58e3d25b2f3e23ae47
Static task: static1
Behavioral task: behavioral1
Sample: 537534bb72f2f3945b9d4fcbfc30425eb4f9faeaac120fc560a130a11121e68b.exe
Resource: win7-20220715-en
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner payload
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext