General
Target: b642e29066bc94c378a3de14ba7263ab2190aa4b7c140a667014e388b1fa1da8
Size: 345KB
Sample: 220927-vxw3safbap
MD5: 074f4690e37f519e136a17d673fb023c
SHA1: 6ae97f82fafb429df5c4af4e1f708fa72570cedb
SHA256: b642e29066bc94c378a3de14ba7263ab2190aa4b7c140a667014e388b1fa1da8
SHA512: b3f268cc367d21d5454c906c23a6830677631c0dc1deb6b1ee3d39fba9e9fec7f9b557f0714a75a0bfff1e72416db15bca7d6757f2089024d4ad55d47a3bc9b7
SSDEEP: 6144:J+WVyOeJwU4oJ9ZETtTMRxM+cJohwzyqtI+F6F2HAcByuwHtc:dIqUj9ZtDMhJojIdF6Flc0uwH
Static task
static1
Malware Config
Targets
- Modifies security service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner payload
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext