General
- Target: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
- Size: 915KB
- Sample: 221129-p2cbaaaf27
- MD5: b5678475c3c15fdafff2c5c8b49d5dc1
- SHA1: 7407554011988292b3e3522e19edb5532f21ee4e
- SHA256: 755c44b90198282d2494321b4cb18cab7e4426efd1b7f4a20f2a0793d68a2a1f
- SHA512: 05eb462d04fa52dc64781064305aaf73c960765e35f51ef3eeb87e81e25d2dbdcfe7e2c51840ccc4d25e61a7ffc4d0786232c115a395f5e94eaba9508088aecc
- SSDEEP: 12288:B0dqU+0zR1NqFgVkN3kXsujtKtVrA8RssJk0cDe1Wa33JzysxUi59zDdzoa1cfN:KvFqgVAU8LrLq0vBhyLiTDdEPf

Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.CrypterX-gen.22726.1920.exe
- Resource: win7-20220901-en
Malware Config
Extracted
formbook
k0ud
KKDeo2UqDEnUCpVOQojSRXBi
2tZJH0HRrIOVDeTfmg==
MKSmj+CZhRhujjE=
s5bXm6Sadg2zBdu7hw==
8mGZiJJg7IwdLLs+pPMOfKhNGytf
ngJVQAUrwkHr
n91w0jH0iJFIpiaP
lWk89cFyI5pIpiaP
3r4L8XkqBgU3dCR30w4ZcMRga0A=
l53c8qJWOTJroVjOHBlgjJs=
y0It19ubd+FIpiaP
9Xqagljz0BeZp7ryuO4I
gxIH4giok36VxknyuO4I
tAZMOEL32FgOEBvnr8gQcg==
w0p+SzTMwKm8BcW1gw==
kxD3oaFJ6xlOeHqH
jp4I7QirduJ8slPyuO4I
LSxuX8BlRh0yWAWTEhlgjJs=
ZrTTvJ49FI8rZ09psvo=
LLSsX0XevItIpiaP
2UE1EjbKb6LM+i0TlwsuXoU=
uypbCSzRpAODqqSur8gQcg==
VUx3S79WRXRJgiw=
p2WVg+t1TmN1obryuO4I
Vyh54vkhwE0LFg==
gPwt8LxySnRJgiw=
x6KynTbiuqnj9pn7AAU3iow=
x8/61/7gspBIpiaP
joTnyRfMro9IpiaP
dsH1qlzqxB+i02DI+0pt2hsDmLK+0jt+
3D50M9tyQq5IXulhoOtHerd8
Sbm5LBorwkHr
wCAuGzLLwLfe8OTAr8gQcg==
bcnHtOSRbP+W3x5+uPU=
fmyiYZdQMSUQfrl5r/I=
c8bzo2Ya9lXJ4uANj5VHerd8
+zxELFIrwkHr
s7Du5VwT7Ig6XnR4he0JasOtMCsD2TFx
oAwBsb6OUHRJgiw=
HfXx2LBmMIwdLLs+pPMOfKhNGytf
8OIjkAe6YsCz7/zfcJv9E1As2A==
ogVpV/aTYZUIICMOrBc6d6+JG2S+0jt+
kAgH5BOwiBx2jy4=
6UaDLtt4QaMuZU9psvo=
zEJ2V0niahGVr0zyuO4I
1TEtneCyjeRIpiaP
uzYsOcuEY3mnDeTfmg==
V0hILNNwR3RJgiw=
0Fp/amj71lr9P9tipgYkXJ5uchFtQBs=
Zxwh8gsvmc71Ew==
3U2Rbk4wvCG/ANMRl/A=
N7QjBLtQNmhqhDs=
0T0/twK4hemKpLOtt+5Herd8
byRpOPwCakJnDeTfmg==
++ZRAvacY5CDnx+N
TTFePsR6UjtgenRs5FOvlqJ2
r74jFkTcfXTqDCH3esno2zv2zw==
d0+XQQW6jfGEkB2qZM8llLZ0
/1CIbFf6wS3JCMA0brncQlYiuHTNLg==
S9z1Wl4gDWH1
dT7UqKMZzfPrDg==
8nCfURngxjO4D8TRnN38Zg==
wRBEH/qfccc8owFPm/I=
TZ5n8ou1J5tIpiaP
mahalaburn.com
Targets
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext