General
- Target: MDE_File_Sample_dc4d334d6c6969514c14f4b232e08ba31583ce35.zip
- Size: 2.2MB
- Sample: 221121-ptljzseb2x
- MD5: feb8b253a65014970d3e2f42ad4c4889
- SHA1: 82d151dfe0d1f8e47740a3c0f2ed47dd38c726c3
- SHA256: e9c914d974bd3bf53477fbc789b0ec9fdd2178fc7f76f3816142ea1b32cd14bc
- SHA512: 29b4aacb3850153aeb2f0153bc9c1a71022c400348d2163385d352a55c311e0562e7a3122219fb3a2621ccfc4d4b791ce8537235a0007fb4f0f5bfba1a2fe79e
- SSDEEP: 49152:fQMevo8cr9tBKvt047Bs8DFCcv2VLGjYhwXW8bMPoAleXz4rD4RH:YMevIMa4ihTGz5TAey45
Static task: static1

Behavioral task: behavioral1
- Sample: HoAlTUYCD.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- vidar
- 55.7
- 1707
- https://t.me/deadftx
- https://www.tiktok.com/@user6068972597711
- profile_id: 1707
Targets
- Target: HoAlTUYCD.exe
- Size: 2.3MB
- MD5: 03c7b8e50ff9a1ab2d0ae379c0180dec
- SHA1: dc4d334d6c6969514c14f4b232e08ba31583ce35
- SHA256: b9e2df677315f07b08f43626c99817ab16c1aceb5812b2ea20cdbc96cdbead4a
- SHA512: 3285c6f489dbbed48bad534c1e57cdf55557c8421c8cecd2d43471cacaf3c016c4c2a72d7870c984ebec2a4c647d38cca8c385d8058c3409748b3f993fd3e6b7
- SSDEEP: 49152:QH039eANocGuhFFg6PDVN4fCNkTXlhVWS8K238nq3uiOVge0y/Ai:2gQSSCFLVN4KNQlhVp8/aq3updFAi

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger