General
Target: install_win64.zip
Size: 4.8MB
Sample ID: 230125-jve6psha4x
MD5: 661267bd0d0f014628a2e0716cd03a5c
SHA1: 908aee7753a2a8d3ecffc570c4ed3422740a4f68
SHA256: bf46caa96824ab3a6ce2d736c48778936324fbc6a097866a24d2925d9e7cd56e
SHA512: aebc9c567254dd8badfe3b1062b3701db3a4a80eb1adc3c009e023c17e9dc810aa204b4f275e948c4ebee2be165462e5e39206b20334395ae384713be60605f3
SSDEEP: 98304:BEjFd/umi9lCdhyZ4tlAhfDEDJDzE6kWrer8cAO:BEBlumiAyclQQFQ
Behavioral task
Task: behavioral1
Sample: install_win64.exe
Resource (sandbox image): win7-20220812-en

Malware Config
Extracted
Family: aurora
C2: 45.15.156.210:8081
Targets
Target: install_win64.exe
Size: 470.0MB
MD5: b7b7aed1825de00641975dd959c50fa3
SHA1: e10c4e7fda881e5e0303e318d719f1107f15a0f1
SHA256: 7b07ba9da200ae6f41090cf60374521c34a031ca59137196698cc82ec6459a0c
SHA512: 2b14a8a5d11bfb58d997399c74a53ecf3eec7f582fc6ddfa0a29b39607c5569ad51a64d95e5eb7869471a104935f0c4d27f126a462869ebdb2df4d837d925e6e
SSDEEP: 49152:V1fsKJAccz1yNySqWj1ev4yFJzIosdgj7SzI7eM5jWglagRwQRPYcE84HjSdepEQ:b7cz1yjySjdgj7Sk7bjpRw2HiSde6DF+

Note on the size: a 470.0MB executable that ships inside a 4.8MB archive has compressed at roughly 100:1, which real code does not do. That ratio is only possible if most of the file is highly compressible filler, so the binary is very likely padded; inflating a dropper to hundreds of megabytes is a common way to push it past the upload limits of AV sandboxes and multi-scanner services. Treat the reported size as an evasion artefact rather than a property of the payload, and check the tail of the PE for null or repeated bytes before drawing any conclusion from it.
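The 4.8MB archive expanding to a 470.0MB executable is the kind of ratio worth checking mechanically. The following is an added example, not code from the sandbox report or from the author of the sample: it flags a file as padded when it compresses far better than real code does and its tail is a long low-entropy run. The sample file it builds (64 KiB of seeded pseudo-random bytes followed by 4 MiB of zeros), the 20:1 ratio threshold, the 4 KiB block size and the 1.0 bits-per-byte entropy cut-off are assumptions chosen for the demonstration; tune them against your own corpus.

```python
import math
import random
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a single repeated value, close to 8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def trailing_filler_length(data: bytes, block: int = 4096, max_entropy: float = 1.0) -> int:
    """Bytes in the low-entropy run at the end of the file, walking back one block at a time.

    Padding is normally appended after the last section or as an oversized overlay, so a long
    near-zero-entropy tail is the cheapest signal. Block size and threshold are assumptions.
    """
    end = len(data)
    while end >= block and shannon_entropy(data[end - block:end]) <= max_entropy:
        end -= block
    return len(data) - end


def bloat_report(data: bytes, ratio_threshold: float = 20.0, filler_fraction: float = 0.5) -> dict:
    """Compression ratio plus trailing-filler measurement; 'padded' combines both.

    Genuine code and packed data rarely compress much better than about 3:1 with zlib, so a
    ratio of 20:1 or more (assumed threshold) on a file whose tail is mostly filler is a strong
    bloating indicator.
    """
    compressed = len(zlib.compress(data, 6))
    ratio = len(data) / max(compressed, 1)
    filler = trailing_filler_length(data)
    return {
        "size": len(data),
        "compressed_size": compressed,
        "compression_ratio": round(ratio, 1),
        "trailing_filler_bytes": filler,
        "padded": ratio >= ratio_threshold and filler / max(len(data), 1) >= filler_fraction,
    }


def build_sample(padding_bytes: int) -> bytes:
    """Constructed stand-in for a PE: 64 KiB of seeded pseudo-random 'code' plus null padding."""
    payload = random.Random(20230125).randbytes(64 * 1024)
    return payload + b"\x00" * padding_bytes


if __name__ == "__main__":
    for label, padding in (("padded", 4 * 1024 * 1024), ("unpadded", 0)):
        print(label, bloat_report(build_sample(padding)))
```

On a real sample, read the file with `open(path, "rb").read()` and pass it to `bloat_report`. A file can also be bloated with junk that is not zeros (repeated strings, a large resource of random-looking but compressible data), which the trailing-entropy walk will miss while the compression ratio still catches, which is why the verdict uses both.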
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose ACPI tables whose OEM identifier is VBOX, which Windows mirrors under HKLM\HARDWARE\ACPI\DSDT, FADT and RSDT; enumerating those keys for a VBOX entry is a standard virtual-machine check.
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments; the usual values are SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System, whose strings name the hypervisor on VirtualBox, VMware and QEMU guests.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
  This is NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11). Once set, debug events from that thread are no longer delivered to an attached debugger, so a breakpoint hit in it terminates the process instead of breaking; it is a standard anti-debugging measure and is worth neutralising (by hooking the call or patching the class) before dynamic analysis.
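The signatures above describe behaviour, not detection logic. Below is an added example, not part of the sandbox report, of turning them into a small triage rule set run over constructed sandbox-style API events: registry reads of the VirtualBox ACPI and BIOS keys, NtSetInformationThread with the ThreadHideFromDebugger class, a connection to the C2 endpoint from the extracted config, and file access under common wallet directories. The pipe-separated event format, the registry key list and the wallet path markers are assumptions written for this example, not something the page records.

```python
import re

# Constructed, sandbox-style API events in the form <api>|<process>|<argument>.  The format is an
# assumption standing in for whatever your sandbox or EDR emits; only parse_event needs changing.
SAMPLE_EVENTS = [
    r"RegOpenKey|install_win64.exe|HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"RegQueryValue|install_win64.exe|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"RegQueryValue|install_win64.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"NtSetInformationThread|install_win64.exe|ThreadInformationClass=0x11",
    r"NtSetInformationThread|install_win64.exe|ThreadInformationClass=0x04",
    r"TcpConnect|install_win64.exe|45.15.156.210:8081",
    r"CreateFile|install_win64.exe|C:\Users\Admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco",
]

# Registry keys read by common VirtualBox / BIOS checks (indicator list written for this example,
# not taken from the report).  VirtualBox-built ACPI tables carry the OEM id VBOX, and the BIOS
# version strings name the hypervisor.
VM_ARTIFACT_KEY_PREFIXES = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
)
THREAD_HIDE_FROM_DEBUGGER = 0x11           # THREADINFOCLASS ThreadHideFromDebugger
C2_ENDPOINTS = {"45.15.156.210:8081"}      # extracted Aurora config from this report
WALLET_PATH_MARKERS = (                     # assumed install locations of popular desktop wallets
    "\\Exodus\\", "\\Electrum\\", "\\Ethereum\\keystore", "wallet.dat",
)


def parse_event(line: str) -> tuple[str, str, str]:
    api, process, argument = line.split("|", 2)
    return api, process, argument


def _thread_info_class(argument: str):
    """Pull the THREADINFOCLASS out of the argument text; accepts hex (0x11) or decimal (17)."""
    m = re.search(r"ThreadInformationClass=(0x[0-9A-Fa-f]+|\d+)", argument)
    if not m:
        return None
    value = m.group(1)
    return int(value, 16) if value.lower().startswith("0x") else int(value)


def triage(events):
    """Return (rule, event) pairs for every event matching one of the report's behaviours."""
    findings = []
    for line in events:
        api, _process, argument = parse_event(line)
        arg_upper = argument.upper()
        if api.startswith("Reg") and any(arg_upper.startswith(p.upper()) for p in VM_ARTIFACT_KEY_PREFIXES):
            findings.append(("anti-vm registry artifact", line))
        elif api == "NtSetInformationThread" and _thread_info_class(argument) == THREAD_HIDE_FROM_DEBUGGER:
            findings.append(("anti-debug ThreadHideFromDebugger", line))
        elif api == "TcpConnect" and argument in C2_ENDPOINTS:
            findings.append(("aurora c2 endpoint", line))
        elif api == "CreateFile" and any(m.lower() in argument.lower() for m in WALLET_PATH_MARKERS):
            findings.append(("cryptocurrency wallet access", line))
    return findings


def verdict(events) -> set[str]:
    """Distinct rule names that fired; the sample above should trip all four."""
    return {rule for rule, _ in triage(events)}


if __name__ == "__main__":
    for rule, event in triage(SAMPLE_EVENTS):
        print(f"{rule:40} {event}")
```

The registry rule matches on key prefix rather than on a VBOX substring in the returned value, because the detection is the read itself: a sample that queries these keys on a bare-metal host gets benign answers and still reveals its intent. The second NtSetInformationThread event (class 0x04, ThreadPriority) is included so the rule demonstrably keys on the information class and not just on the API name.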