General
- Target: Full-Setup-Password-123.rar
- Size: 11.0MB
- Sample: 220725-qpndfseedn
- MD5: 0eb210a83fa4f03b17708294d08228f9
- SHA1: 019e823ea5a01c51ccef50bf06b6350b9a4a2df2
- SHA256: f3d5f74f47f5d48083167e0b918abfd66d9297f548c1a741c7a98eeb78f99f93
- SHA512: 08afa464cdbb7d8407ed96f47bd42455046b78f4f20267910a995b3fbd32018ac25eeaccfa64d4657884d4c05b2129e358180ae8677dea40e657f2b3c8c8e175

Behavioral tasks
- behavioral1: Sample Full-Setup-Password-123/FullSetup-Crack.exe, Resource win7-20220715-en
- behavioral2: Sample Full-Setup-Password-123/FullSetup-Crack.exe, Resource win10v2004-20220721-en
- behavioral3: Sample Full-Setup-Password-123/Pre-ActivatedSetup.exe, Resource win7-20220715-en

Malware Config

Targets

Target: Full-Setup-Password-123/FullSetup-Crack.exe
- Size: 393.6MB
- MD5: 0ee2fbbeca60e7702c31a5e8f19b5def
- SHA1: 058acb6544c44f917637dca8ef807670b5710a0d
- SHA256: 1c335a259e7440b6a33007f92da124512b16c217f46b4680e35066eb56c9fbf1
- SHA512: 829de71930aaf5d6f8e15aca4694f0f2ceba6163ea10f92ac1e01fb819b4056349b1e50e57d98ee845e5ad088b752b7aaf62072e6807815fd220dd603804fa3b
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: Full-Setup-Password-123/Pre-ActivatedSetup.exe
- Size: 394.6MB
- MD5: 3f5be2df1e9b82907d2a4c2ef35d4c77
- SHA1: f9d19490bdb7aeb386c2668ad0ffa70d6e17c910
- SHA256: 3765b96b74793a1d255c903ef7a32c1cfadb2a24997aa7b0b896665d1cbf6b7f
- SHA512: 4ae4ae06a29022f0ce8aef2801cb7488a8ffb55e2f0f59a91ef52320df63eb1fd350da41e6ae3e6e01954072c16aa3cd95526fdd3e017e01d44de32f9b0e228f
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger