General
Target: 20.zip
Size: 10.4MB
Sample: 220925-elhg9adbc8
MD5: e17ed9853440c53954269dc2d97b4ab1
SHA1: ed6f99c188726247614b2affc95da967087c9fef
SHA256: 44a6389937c8a2dcbadfb5d04829a2c36fbcc27b37ddc9719847801222d0cce5
SHA512: 5b02ca10db4617026a911507f9d4a61c167b6435f36135cbfaa572669d53e18d33566db8643feae65ef1315be9f2744dc4fdeb44ec044d8a1770e751dac42bf5
SSDEEP: 196608:yK6qD/i+k2V4c6gC7CASBtm2q3h7/1nUG3NL6GDsIZCE3K1zEkuwCCjnUdy13sx3:yK6m/PHqCASYd7dnUG92GDs3E32LbY2S
Behavioral task: behavioral1
Sample: 20.zip
Resource: win10-20220812-en

Behavioral task: behavioral2
Sample: 20.zip
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 20.zip
Size: 10.4MB
MD5: e17ed9853440c53954269dc2d97b4ab1
SHA1: ed6f99c188726247614b2affc95da967087c9fef
SHA256: 44a6389937c8a2dcbadfb5d04829a2c36fbcc27b37ddc9719847801222d0cce5
SHA512: 5b02ca10db4617026a911507f9d4a61c167b6435f36135cbfaa572669d53e18d33566db8643feae65ef1315be9f2744dc4fdeb44ec044d8a1770e751dac42bf5
SSDEEP: 196608:yK6qD/i+k2V4c6gC7CASBtm2q3h7/1nUG3NL6GDsIZCE3K1zEkuwCCjnUdy13sx3:yK6m/PHqCASYd7dnUG92GDs3E32LbY2S
Score: 10/10
- Detected bankofmontreal phishing page
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger