General
- Target: 715a725a1a6ae5c7d3437b0c2914afef7d585aafa068e2d2e9331826000e1bac
- Size: 6.1MB
- Sample: 220927-z189qsefa4
- MD5: 00fcb83ba5ccfc06e0d188da8f7199d9
- SHA1: d25177c49632ebd00606aca4dc74dc86c2809197
- SHA256: 715a725a1a6ae5c7d3437b0c2914afef7d585aafa068e2d2e9331826000e1bac
- SHA512: 615594dbbdbb73475ee30222fb61b81f48c831518c13a7041acc3e7ceca35d6f4829c44f7bac15e74504b913c06105f13854b041dc61e5ce3c25bd55b6fa16f6
- SSDEEP: 98304:+Mu3f/jr6blqCtAZhO0oNtHjgKPUbzSTcLYUkwf8M2m51AjLrLrQ/8:+Vf/v6bl3tNXtoQcLs/M2mDAjPLF
Malware Config
Extracted: systembc
- 89.22.225.242:4193
- 195.2.93.22:4193
Targets
- Target: 715a725a1a6ae5c7d3437b0c2914afef7d585aafa068e2d2e9331826000e1bac
- Size: 6.1MB
- MD5: 00fcb83ba5ccfc06e0d188da8f7199d9
- SHA1: d25177c49632ebd00606aca4dc74dc86c2809197
- SHA256: 715a725a1a6ae5c7d3437b0c2914afef7d585aafa068e2d2e9331826000e1bac
- SHA512: 615594dbbdbb73475ee30222fb61b81f48c831518c13a7041acc3e7ceca35d6f4829c44f7bac15e74504b913c06105f13854b041dc61e5ce3c25bd55b6fa16f6
- SSDEEP: 98304:+Mu3f/jr6blqCtAZhO0oNtHjgKPUbzSTcLYUkwf8M2m51AjLrLrQ/8:+Vf/v6bl3tNXtoQcLs/M2mDAjPLF
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger