General
Target: Desktop.rar
Size: 9.0MB
Sample: 230312-zn52jsfc86
MD5: cc7899ec7fed42804e2db926ec071a40
SHA1: 43ae46e957a9bdc2c362bed2faab1afd650a1f94
SHA256: 7e0bf07236840a4543088223ae5deae5a7c4e228e3ad93ac3f73b3abe4858667
SHA512: a78505178d9a21e8c3cdddd5d6261d857d6849277d5e64c85956aa21a618da7dcc2bf05167e37984dbc5c1f81554f6012555c678169e2f7ddb2e8a528170334f
SSDEEP: 196608:ma553bJV4kJtPaYcdARdyMj4QWkxCWvk5qqwhRGelt+S:J3bJeQtPGdNwPWkgWvkXwhRvlb
Behavioral task: behavioral1
Sample: Roles_External.exe
Resource: win10v2004-20230220-en

Behavioral task: behavioral2
Sample: fake csgo.exe
Resource: win10v2004-20230220-en
Malware Config

Targets
Target: Roles_External.exe
Size: 9.0MB
MD5: 002ad7c91deb54e30a919846fe124eaf
SHA1: cb092513ae675fe243d92328310471f09b51267a
SHA256: e9d01a1df753a60c21218dc713bf5b2fa95cd82ceb0f760afd1027249812aabe
SHA512: 2e873b8ec2d32ba60117c6423d7bfca9da830870e0238044a1d50fdb0784598ef20325ff62462c6f88078ddc385dfd854f36f8b47aae9610c83a6d5f92b97fd7
SSDEEP: 196608:p7tXDri3gUyVl21VNlNNjx4MLm6iE8y4HCh4Iv9o9qmDmHYmGN1:pJTrznCJjxpi6iE8y2Ch4MaPm4mO1
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: fake csgo.exe
Size: 6KB
MD5: d7d024dd3b219a98bc3b39fbdc84e85b
SHA1: bac84ee8aa9ce5f82aa833ecfae1da0f542bc23c
SHA256: c33b9c17b7df0c8f26049ca6e2421236486560c1758dddd08f27a63320f535eb
SHA512: ae5334f99763ad4f5447942364c30a665287d2cde4a96bebf4bb2c9aba6dab9cdf6e8569636ca5414a762581d15f157027d5dcf42b6dc92dae43a0964ed7ad01
SSDEEP: 96:CG+0zRnV+pmf8PmPlt9XB9z+4+vFlTRXkd9pAuo1zNt:nzRV+CUALVB5pWFllX6YFP
Score: 1/10