General
Target: 1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7
Size: 345KB
Sample: 221004-ecm2dabcg2
MD5: d879458fe084027d5a1719359df129ff
SHA1: 0ba7e5c25d571b8952d46dc715c47c2776732a06
SHA256: 1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7
SHA512: 4157cd51b8f17c22c900b34c49e56cbb17d7aa88e4321f3f5444d4b475950e6437bbcb4fcbb6156cb504666fc03182f2d9970eb0fcc809996914c11fbb7ca834
SSDEEP: 6144:xK5lpVV+1MszHze0x/qJMyy4ohtyYge92QUp4ecu/vL:ev1YzeMyy4op12QUP3
Static task: static1
Behavioral task: behavioral1
Sample: 1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe
Resource: win7-20220812-en
Malware Config
Targets
Target: 1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7
- Modifies security service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner payload
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext