General
-
Target
1ed19ad26e2f46770568a3fa1e08eba161c7e9b50900179271c2962aa67aa0c4
-
Size
345KB
-
Sample
220925-17cd1shecn
-
MD5
58d95faa5d76221e6d241dbcc5a50db9
-
SHA1
d268271eb2f16cc4ada2948b6952ccde926fa94a
-
SHA256
1ed19ad26e2f46770568a3fa1e08eba161c7e9b50900179271c2962aa67aa0c4
-
SHA512
1b07c493dc7a6e8bbbf76fb3cac10f5100518799d86ff66063a88e210c69f0f23422274d6c5516eb4ca8028ca159870d41801e3c5b3b70950e752d5e3d1d3903
-
SSDEEP
6144:i+WVyOeJwU4oJ9ZETtTMgxM+cJohaz4YEGjZvo3e+bBDDOXZM7zCc:QIqUj9ZtwMhJoZYEGjpo3e+bB+0
Static task
static1
Behavioral task
behavioral1
Sample
1ed19ad26e2f46770568a3fa1e08eba161c7e9b50900179271c2962aa67aa0c4.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
1ed19ad26e2f46770568a3fa1e08eba161c7e9b50900179271c2962aa67aa0c4
-
Size
345KB
-
MD5
58d95faa5d76221e6d241dbcc5a50db9
-
SHA1
d268271eb2f16cc4ada2948b6952ccde926fa94a
-
SHA256
1ed19ad26e2f46770568a3fa1e08eba161c7e9b50900179271c2962aa67aa0c4
-
SHA512
1b07c493dc7a6e8bbbf76fb3cac10f5100518799d86ff66063a88e210c69f0f23422274d6c5516eb4ca8028ca159870d41801e3c5b3b70950e752d5e3d1d3903
-
SSDEEP
6144:i+WVyOeJwU4oJ9ZETtTMgxM+cJohaz4YEGjZvo3e+bBDDOXZM7zCc:QIqUj9ZtwMhJoZYEGjpo3e+bB+0
-
Modifies security service
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
XMRig Miner payload
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-