General
Target: 57fe3c34a73768fce9e42473532850c03b47eddcdf878a3afb14318aaacd6b0c
Size: 2.2MB
Sample: 221221-17jhbsde44
MD5: f6232a2ae8c13154c0b635900e5d5606
SHA1: 3dc773c2edc6dacb581be6ac37e404a091bae760
SHA256: 57fe3c34a73768fce9e42473532850c03b47eddcdf878a3afb14318aaacd6b0c
SHA512: 8902664b973efd46e56d12f151257bd8988d79ecafa32ee136b171979dac138b7ee98e45b9361f499916013a1fd37572360e6f88cc1fa24d81617328dd6d2ebd
SSDEEP: 49152:SIaJIbJosoFb+OX3z1Ek8fBI361rMKuWjRzyzSbxkq1DfDE:5aJIbKVFbd61rMKuWNyzykq1jI
Static task: static1
Behavioral task: behavioral1
Sample: 57fe3c34a73768fce9e42473532850c03b47eddcdf878a3afb14318aaacd6b0c.exe
Resource: win7-20221111-en
Malware Config
Extracted: systembc
  cryptotab.me:4001
  portexcloud.xyz:4001
Targets
Target: 57fe3c34a73768fce9e42473532850c03b47eddcdf878a3afb14318aaacd6b0c
Size: 2.2MB
MD5: f6232a2ae8c13154c0b635900e5d5606
SHA1: 3dc773c2edc6dacb581be6ac37e404a091bae760
SHA256: 57fe3c34a73768fce9e42473532850c03b47eddcdf878a3afb14318aaacd6b0c
SHA512: 8902664b973efd46e56d12f151257bd8988d79ecafa32ee136b171979dac138b7ee98e45b9361f499916013a1fd37572360e6f88cc1fa24d81617328dd6d2ebd
SSDEEP: 49152:SIaJIbJosoFb+OX3z1Ek8fBI361rMKuWjRzyzSbxkq1DfDE:5aJIbKVFbd61rMKuWNyzykq1jI
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger