General
-
Target
44b10304d78683ddb026960a0d7567439388499d0c7fb82ddd26543e2170cb82
-
Size
851KB
-
Sample
221123-vxll2sdb8t
-
MD5
13f61a50e3fa4090afe0820e96a40d53
-
SHA1
a1e14e2e4c3a8ce1652a0486cdff3cdca4c4e981
-
SHA256
44b10304d78683ddb026960a0d7567439388499d0c7fb82ddd26543e2170cb82
-
SHA512
76d378d1b598a1cffe68b4727ca815029100f5576db8a127c56a9425a67393e9583bc27cee4bb4157061812c96037dfabb2ebf9bcaac1aab7d8b960d22356157
-
SSDEEP
24576:eb6DNkj01lwTvzgfwatVykkqLxqkvDYOn1:a0401lkg1mqLgYDY+1
Static task
static1
Behavioral task
behavioral1
Sample
Videos_fotos_dow_mulheres_lindas_da_net8790328733.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Videos_fotos_dow_mulheres_lindas_da_net8790328733.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.homevirtua.dominiotemporario.com - Port:
21 - Username:
homevirtua - Password:
10203040oi
Extracted
Protocol: ftp- Host:
ftp.homevirtua.dominiotemporario.com - Port:
21 - Username:
homevirtua
Targets
-
-
Target
Videos_fotos_dow_mulheres_lindas_da_net8790328733.exe
-
Size
888KB
-
MD5
320043506d947a4a10cede56e2fd6a17
-
SHA1
531f48e46e2aa59d4e326dfb4d97bbfcd047d054
-
SHA256
7717a4cd9f7425cc69ce95d682d59af1f519b60981d198dbc0e4ee80c08a8daf
-
SHA512
9126ca0a300516a214b5e45c06831af0f25a539a3cf7c427007b03a92cb8be767d13b5ae9f2ab0597bb1181b44c10c05bfb94d3bb863ca4bbe647b3433632d65
-
SSDEEP
12288:SJkRpc6Q+qXScvMuAs0eb71hBpj5SbSh8Z01vjjWfb+OO0Lpeh2vQB0Xkk3JZF:2suT7Vv7BPSbSh6kCfq0L4a53JZ
Score10/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-