General
-
Target
ID-Fact.1669756969.zip
-
Size
5.6MB
-
Sample
221129-z9mgbsce41
-
MD5
4c7854f58e377c5c39718ee5b721c818
-
SHA1
284381f2f97e8b8d5f5f47809a32e29102178168
-
SHA256
9c6e79edf44f4a941e230cc529cdf46f618d18c59bcfd775427609618b02279f
-
SHA512
051ec6c272c4c4c0c93376db22d92edc7a8638e1c9958e39f4feaaa630887799e72ee93dfda8f8e5b6d8a11315293464334eff55954768d878fea3879756fb43
-
SSDEEP
98304:PF5nCuLBWYo/GW+FHGuTK5w5HlUxSfGTfU6UO8XHogahpUDefplrpRPIKNH9PY31:95CuLsYHNoclUxSf9K8XHoga8DEpPRg3
Static task
static1
Behavioral task
behavioral1
Sample
Fact63867.msi
Resource
win7-20220812-es
Behavioral task
behavioral2
Sample
Fact63867.msi
Resource
win10v2004-20220812-es
Malware Config
Targets
-
-
Target
Fact63867.msi
-
Size
6.2MB
-
MD5
ed4a51080ca004ea566ac94a3c73e89d
-
SHA1
6928d42a8324c0d93be8655d32c9c5712c8ffcd9
-
SHA256
b324bf2765637c425eea72826c3a1524873fc8b2dc7c06cf9f5b3312bde8861a
-
SHA512
9e5c2f08639edd4bf3a05463a031a4e60a51854bf4f3ed213a1b5e06878e28a7dc951a8039fa35b3024ea8b6c15b833c439ac81908828545a062a0a152e7d14f
-
SSDEEP
98304:5YItM2AfnWKKLLS4MDCMPXbGSfK/8JzDuXcVCfDH22JG3w392SscX7e8iN:pMnlKLO4OLO2DuXcVyvKy2
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-