General

Target: Install.exe
Size: 5.9 MB
Sample: 221127-cw3vtsgc9w
MD5: 35f50ee9675bf66d2d941032272abb8d
SHA1: 45339e33b7e3d51246e31e4de31c32367f8f1abf
SHA256: a7fc1e38349297186b90d7ee6a9a237e8bc4679b6874688cf6b79a7045fd3b47
SHA512: 53a382a9527f93d9fcd1aa405538d899906cf298010a47b3f19512ae5d9caee9006db5f9f7a43bcc353cc3a35365f653add82417e5c2ba6ffaecb4e2ec22d876
SSDEEP: 49152:ynG1kZ3xyC9ECuVSsJzE4IK3CRhVSjG6QgU9CF04R0Xv1CntizMf7gRkH:J1kZhDAJ93CXS7V+KUv1Cn8zM7x
Behavioral task: behavioral1
Sample: Install.exe
Resource (analysis VM image): win7-20220812-en
Malware Config
Targets
Target: Install.exe
Size: 5.9 MB
MD5: 35f50ee9675bf66d2d941032272abb8d
SHA1: 45339e33b7e3d51246e31e4de31c32367f8f1abf
SHA256: a7fc1e38349297186b90d7ee6a9a237e8bc4679b6874688cf6b79a7045fd3b47
SHA512: 53a382a9527f93d9fcd1aa405538d899906cf298010a47b3f19512ae5d9caee9006db5f9f7a43bcc353cc3a35365f653add82417e5c2ba6ffaecb4e2ec22d876
SSDEEP: 49152:ynG1kZ3xyC9ECuVSsJzE4IK3CRhVSjG6QgU9CF04R0Xv1CntizMf7gRkH:J1kZhDAJ93CXS7V+KUv1Cn8zM7x
- Modifies security service
- Suspicious use of NtCreateUserProcessOtherParentProcess
  The new process is created with a parent other than the caller (parent PID spoofing), so the process tree no longer shows who really started it.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox exposes its ACPI tables under HKLM\HARDWARE\ACPI with the OEM ID VBOX__; reading those keys is a cheap VM check.
- XMRig Miner payload
  XMRig is an open-source Monero miner commonly deployed as a cryptojacking payload.
- Downloads MZ/PE file
- Executes dropped EXE
- Stops running service(s)
- Checks BIOS information in registry
  BIOS strings (HKLM\HARDWARE\DESCRIPTION\System) are often read to detect sandbox or VM environments.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread with ThreadHideFromDebugger hides the thread's debug events from an attached debugger (anti-debugging).
- Suspicious use of SetThreadContext
  Typically paired with a suspended thread to redirect execution into injected code (process hollowing or injection).
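The two registry-based evasion signatures above (BIOS strings and VirtualBox ACPI keys) in working form, as an added example that is not part of the sandbox report or of the sample: it audits a registry snapshot for the values such samples read. The key paths and the VBOX__ OEM ID are standard Windows/VirtualBox facts; the non-VirtualBox marker strings, the VBOX_GUEST and BARE_METAL snapshots, and the helper names (vm_indicators, load_live_snapshot) are this example's own assumptions.

```python
"""Sandbox/VM tells read from the Windows registry (added example).

"Checks BIOS information in registry" and "Identifies VirtualBox via ACPI
registry values" describe one trick: the sample reads firmware strings the
hypervisor exposes to its guest.  The audit below works on a registry
snapshot held in a plain dict so it runs offline; on a Windows host
load_live_snapshot() fills the same dict via winreg.  VBOX_GUEST and
BARE_METAL are constructed snapshots, not data from the sandbox run.
"""

# Firmware string values under HKLM that sandbox-aware samples read.
BIOS_VALUES = (
    r"HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"HARDWARE\DESCRIPTION\System\SystemBiosDate",
)
# Vendor substrings that give a VM away in those values.  VBOX/VIRTUALBOX are
# what the report's signature refers to; the others are assumed extra markers.
BIOS_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS", "XEN", "PARALLELS")

# Windows mirrors ACPI tables under HKLM\HARDWARE\ACPI\<table>\<OEM ID>.
# VirtualBox's OEM ID is "VBOX__" (trailing underscores included).
ACPI_TABLES = ("DSDT", "FADT", "RSDT")
ACPI_OEM_MARKERS = ("VBOX__", "VMWARE", "BOCHS", "XEN")


def vm_indicators(snapshot):
    """Return (registry path, detail) pairs for every VM tell in `snapshot`.

    `snapshot` maps an HKLM-relative key path to a dict of value name -> data;
    a key with an empty dict records that the subkey merely exists.  Registry
    names are case-insensitive, so everything is compared upper-cased.
    """
    keys = {k.upper(): {n.upper(): d for n, d in v.items()} for k, v in snapshot.items()}
    found = []
    for path in BIOS_VALUES:                      # 1. firmware strings
        key, _, name = path.rpartition("\\")
        data = keys.get(key.upper(), {}).get(name.upper())
        if data is None:
            continue
        # REG_MULTI_SZ values come back from winreg as a list of strings.
        text = " ".join(data) if isinstance(data, (list, tuple)) else str(data)
        for marker in BIOS_MARKERS:
            if marker in text.upper():
                found.append(("HKLM\\" + path, f"contains {marker!r}: {text!r}"))
                break
    for table in ACPI_TABLES:                     # 2. ACPI OEM ID subkeys
        prefix = "HARDWARE\\ACPI\\" + table + "\\"
        oems = {k[len(prefix):].split("\\", 1)[0] for k in keys if k.startswith(prefix)}
        for oem in sorted(oems & set(ACPI_OEM_MARKERS)):
            found.append(("HKLM\\" + prefix + oem, "hypervisor ACPI OEM ID"))
    return found


def load_live_snapshot():
    """Windows only: read the same keys from this machine with winreg."""
    import winreg
    snap = {}
    sys_key = r"HARDWARE\DESCRIPTION\System"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sys_key) as k:
        snap[sys_key] = {}
        for path in BIOS_VALUES:
            name = path.rpartition("\\")[2]
            try:
                snap[sys_key][name] = winreg.QueryValueEx(k, name)[0]
            except FileNotFoundError:
                pass
    for table in ACPI_TABLES:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, "HARDWARE\\ACPI\\" + table) as k:
                for i in range(winreg.QueryInfoKey(k)[0]):   # number of subkeys
                    snap["HARDWARE\\ACPI\\" + table + "\\" + winreg.EnumKey(k, i)] = {}
        except FileNotFoundError:
            pass
    return snap


VBOX_GUEST = {                                    # constructed VirtualBox guest
    r"HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 6.1.40"],
        "SystemBiosDate": "12/01/06",
    },
    r"HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HARDWARE\ACPI\FADT\VBOX__": {},
}
BARE_METAL = {                                    # constructed physical host
    r"HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["LENOVO - 1340"],
        "VideoBiosVersion": ["Intel Video BIOS"],
    },
    r"HARDWARE\ACPI\DSDT\LENOVO": {},
}

if __name__ == "__main__":
    for label, snap in (("VirtualBox guest", VBOX_GUEST), ("bare metal", BARE_METAL)):
        print(label, "->", vm_indicators(snap) or "no VM tells")
```

Running `vm_indicators(load_live_snapshot())` on an analysis VM shows exactly which tells that image leaks to a sample like this one. The values cannot be removed from the guest registry in a lasting way because Windows regenerates them from firmware at boot; they have to be changed at the hypervisor, which for VirtualBox means overriding the DMI/BIOS strings and the ACPI OEM ID through `VBoxManage setextradata` on the VM.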