General
-
Target
d709ae245f2ab9645d6e24270dffa1976934796a12f77ccd8de0a86cffeb0196
-
Size
345KB
-
Sample
221003-18dcpshhhq
-
MD5
dd1698c21fff456856e2fd72cdfe80d8
-
SHA1
aa5370ac373abeb2708150c031f304edbe90f9d8
-
SHA256
d709ae245f2ab9645d6e24270dffa1976934796a12f77ccd8de0a86cffeb0196
-
SHA512
e0da8bf679142d7571dc9f4f1e9e105fe674f35101aa45e1ef423f088f6adc04ca9542cf564b0818d34667666b9054666c178775083a256f50b2ab43172453c5
-
SSDEEP
6144:f6S1ZVlum8KDJUOER/YM78yC4ohQJAyPLbiSuuDOOWfIjl:LPmcUOIgyC4ogA+r7TKI
Static task
static1
Behavioral task
behavioral1
Sample
d709ae245f2ab9645d6e24270dffa1976934796a12f77ccd8de0a86cffeb0196.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
d709ae245f2ab9645d6e24270dffa1976934796a12f77ccd8de0a86cffeb0196
-
Size
345KB
-
MD5
dd1698c21fff456856e2fd72cdfe80d8
-
SHA1
aa5370ac373abeb2708150c031f304edbe90f9d8
-
SHA256
d709ae245f2ab9645d6e24270dffa1976934796a12f77ccd8de0a86cffeb0196
-
SHA512
e0da8bf679142d7571dc9f4f1e9e105fe674f35101aa45e1ef423f088f6adc04ca9542cf564b0818d34667666b9054666c178775083a256f50b2ab43172453c5
-
SSDEEP
6144:f6S1ZVlum8KDJUOER/YM78yC4ohQJAyPLbiSuuDOOWfIjl:LPmcUOIgyC4ogA+r7TKI
-
Modifies security service
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
XMRig Miner payload
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-