General
- Target: install_win64.exe
- Size: 2.9MB
- Sample: 230125-yj1qlaae29
- MD5: 03e3bad71e31f6b4269f07a14300a1a2
- SHA1: b9ecc7cc12c3f2ca94615a3d68331cdb0c659076
- SHA256: 21baf3dbca077ed7a34990db99eb22ea6a085977af4e38436002b06b42cfb96c
- SHA512: 8a7c907c26753dfca2797238cfad7bb7194eb1505896f6192a288537ea7b2a7fbee4c6f84c3b3c23988e61f9ecf7a0ebd084242d2fec233e2b6e58d7d5b5766d
- SSDEEP: 49152:V1fsKJAccz1yNySqWj1ev4yFJzIosdgj7SzI7eM5jWglagRwQRPYcE84HjSdepEH:b7cz1yjySjdgj7Sk7bjpRw2HiSde6DF
Behavioral task
- behavioral1
- Sample: install_win64.exe
- Resource: win7-20221111-en

Malware Config
- Extracted: aurora
- 45.15.156.210:8081
Targets
- Target: install_win64.exe (2.9MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger