General
-
Target
update.exe
-
Size
7.6MB
-
Sample
220914-we3y2sefgl
-
MD5
38d2e3ad694e5221b828441d82d6172d
-
SHA1
02e58b9fccb8fb01339c5f24aa26d656db389bcd
-
SHA256
3e8f5d33715f69f5297ca2750d9a9ed491749f009455217626b16f3b268dbcaf
-
SHA512
e96ca478921cb272f3b246e83b1b7a695638fb001dd05348ef4861b1842a2c49bccc4864867f99439e262fa983202056c196a2508597e2c83f4350683d5e6ea8
-
SSDEEP
196608:Bry4z4fbI39lVt1nRMT2cZlpbhQaQ9HQhMWuKej4ifJj/Fv4wkB1S:44z4MD1nS2YlUz9wTuD5/Fv4wcM
Behavioral task
behavioral1
Sample
update.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
update.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
update.exe
-
Size
7.6MB
-
MD5
38d2e3ad694e5221b828441d82d6172d
-
SHA1
02e58b9fccb8fb01339c5f24aa26d656db389bcd
-
SHA256
3e8f5d33715f69f5297ca2750d9a9ed491749f009455217626b16f3b268dbcaf
-
SHA512
e96ca478921cb272f3b246e83b1b7a695638fb001dd05348ef4861b1842a2c49bccc4864867f99439e262fa983202056c196a2508597e2c83f4350683d5e6ea8
-
SSDEEP
196608:Bry4z4fbI39lVt1nRMT2cZlpbhQaQ9HQhMWuKej4ifJj/Fv4wkB1S:44z4MD1nS2YlUz9wTuD5/Fv4wcM
-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Bazar/Team9 Backdoor payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Nirsoft
-
Executes dropped EXE
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-