General
- Target: ad8ea695df5324fc974414bae35fbe2ec73cc05858cf1718959bd4e113012793
- Size: 2.6MB
- Sample: 221128-bdxqescd93
- MD5: fca010496a8558f668fa70a110a32a1c
- SHA1: 4eb15a679da3be447703d12875e93941091ea874
- SHA256: ad8ea695df5324fc974414bae35fbe2ec73cc05858cf1718959bd4e113012793
- SHA512: ea62f06b8c6c61e11f03da066d717915ba843561aee2b8f256c2ee581a61120eb1a652857103542be8d22fe6821bf73cec0f619e891618e7410122de5ab41fb7
- SSDEEP: 49152:ktyNBlUvpLoYuV2wwSVaR/5nLSTW3WGrBdxWRWXuBq3QtOzUM3p8Q8n:SvdvM2wwSVaVpmTH7Bq3f4Yp3W
Behavioral task
- behavioral1
- Sample: ad8ea695df5324fc974414bae35fbe2ec73cc05858cf1718959bd4e113012793.exe
- Resource: win7-20221111-en

Malware Config
Extracted
- cryptbot
- kelgun15.top
- mortak01.top
- payload_url: http://buthyd01.top/download.php?file=lammer.exe
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger