General
-
Target
60ef61da7374e3a25a633cc13b40d32df727f5d6d46ce5a6eedd1d2a69a51bce
-
Size
2.1MB
-
Sample
220730-2n14pscdem
-
MD5
a19297b6cb78f0425adb82d008fee1d7
-
SHA1
6195e6ab9f17e2057f6031aa24627c4c31d331b1
-
SHA256
60ef61da7374e3a25a633cc13b40d32df727f5d6d46ce5a6eedd1d2a69a51bce
-
SHA512
087ed76d7c0bffddcdde8e61b8bb112b58ac226aa70d45f317121a0f40dfd1957e1f98ae4cf14e01abab48bf143a1d0811147ebebd024a6a51b7534f68164080
Static task
static1
Behavioral task
behavioral1
Sample
60ef61da7374e3a25a633cc13b40d32df727f5d6d46ce5a6eedd1d2a69a51bce.exe
Resource
win7-20220718-en
Malware Config
Targets
-
-
Target
60ef61da7374e3a25a633cc13b40d32df727f5d6d46ce5a6eedd1d2a69a51bce
-
Size
2.1MB
-
MD5
a19297b6cb78f0425adb82d008fee1d7
-
SHA1
6195e6ab9f17e2057f6031aa24627c4c31d331b1
-
SHA256
60ef61da7374e3a25a633cc13b40d32df727f5d6d46ce5a6eedd1d2a69a51bce
-
SHA512
087ed76d7c0bffddcdde8e61b8bb112b58ac226aa70d45f317121a0f40dfd1957e1f98ae4cf14e01abab48bf143a1d0811147ebebd024a6a51b7534f68164080
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
XMRig Miner payload
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-