General
-
Target
6306fa49c774ee6bcad7fd51926ac1755404ffef9245ffd37447f7211ab70ca8
-
Size
345KB
-
Sample
221005-17vklafgf2
-
MD5
376f6463917034d82a93d097be810046
-
SHA1
2038e0242ecd85b7085f8a892e502b3473ed5b6a
-
SHA256
6306fa49c774ee6bcad7fd51926ac1755404ffef9245ffd37447f7211ab70ca8
-
SHA512
f0f957c566b787356abde242caa7eb841944779c1fb40a3af5c55d95d6eb17c18d960f44fbdf790972292856ac73d725f6929ad999a979a39cdee8cf95179752
-
SSDEEP
6144:t6S1ZVlum8KDJUOER/YMF8yC4ohOgjZquSxQ41uciwpflJnsw:lPmcUOI6yC4o1j0f5flJn
Static task
static1
Behavioral task
behavioral1
Sample
6306fa49c774ee6bcad7fd51926ac1755404ffef9245ffd37447f7211ab70ca8.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
6306fa49c774ee6bcad7fd51926ac1755404ffef9245ffd37447f7211ab70ca8
-
Size
345KB
-
MD5
376f6463917034d82a93d097be810046
-
SHA1
2038e0242ecd85b7085f8a892e502b3473ed5b6a
-
SHA256
6306fa49c774ee6bcad7fd51926ac1755404ffef9245ffd37447f7211ab70ca8
-
SHA512
f0f957c566b787356abde242caa7eb841944779c1fb40a3af5c55d95d6eb17c18d960f44fbdf790972292856ac73d725f6929ad999a979a39cdee8cf95179752
-
SSDEEP
6144:t6S1ZVlum8KDJUOER/YMF8yC4ohOgjZquSxQ41uciwpflJnsw:lPmcUOI6yC4o1j0f5flJn
-
Modifies security service
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
XMRig Miner payload
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-