General
- Target: a611c8976de4146d4fdf04a2219aa8e6a72c7039714bb7e4bfca2b503e01db9e
- Size: 213KB
- Sample: 220925-feqqqaefbk
- MD5: 0ef826deb77ebedaaafb9bb5f0915ea0
- SHA1: eb181d0ccc26c505013707232621ec75c587fdcc
- SHA256: a611c8976de4146d4fdf04a2219aa8e6a72c7039714bb7e4bfca2b503e01db9e
- SHA512: cb2e832d1834290fbfb6b5c142edc89f1c35605fbef639e0f6ab4e7874b270ebe4ad9f993123d2c9b4a97f45109c150815ee59f7235efd9348a1f031bb4f9567
- SSDEEP: 3072:WjW6IU3FgUkzpxHMk5u9IJQjMi9Oqjd2/BdncYqzJiv6D9R0tw2RxHcWjVaD/uMk:VU31k/MCuy69HQ/BNcOv6DbqHFV+t8g
- Static task: static1
- Behavioral task: behavioral1
- Sample: a611c8976de4146d4fdf04a2219aa8e6a72c7039714bb7e4bfca2b503e01db9e.exe
- Resource: win7-20220812-en
Malware Config
Targets
- Modifies security service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner payload
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext