General
-
Target
Setup.zip
-
Size
7.8MB
-
Sample
220719-m3fc8abfc5
-
MD5
119682a5a81ffb9afe5d2381afdd1f3b
-
SHA1
a4f1903b97a045fb69d645ad1591308f71a1446f
-
SHA256
0f9d692ba0dae34d5f693dc0a6af523a2df4a75f0b36d93054436de4d4f15629
-
SHA512
c2fb44a03eb2fab6840a52ab9225a09e753e99e638837a4888b6b69cb50ae81583dfbd283589ec2dbe172d940fb75df3fa6bba01bf72a912892f07366cb1f1c0
Malware Config
Targets
-
-
Target
Setup.exe
-
Size
727.2MB
-
MD5
6a8f1c82a4f4edabc0c487e57d1c1e46
-
SHA1
718e890935a7e74e9555f4066beff511309eb95d
-
SHA256
30a6026e3ef8575d703c5188df9e9e995f7b0cc5d216d611d59f0d37a823bd4a
-
SHA512
c40c2a42e6d14645762f7267c3307570fbf64d2bc86b71356d09f89e6ba7c482ceecb8b3f82c273f15d3d32d75663b8d84acffb0a357a049b0d26d78fc1c5e7e
Score10/10-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-