General
Target: mekpayload.zip
Size: 14.3MB
Sample: 230317-xbrbhsbe7y
MD5: ba3e9e13da5c3cd90bd729eabbd98c5e
SHA1: cb0c3da0c99d5947b84b144427dce0918b12f466
SHA256: 4cbae49ea38538510e34c36627d4476c83334777bc514fa3e3b50cc2f75d87cd
SHA512: 75ecbef02ab63b75223479690bcddfdc91720e6f59b1205188c195f68413299678c979830e85622ab1c01c32a2e51e433cf77ceb532ef3c9f65cb7d0c5ff1c6c
SSDEEP: 393216:IaYFe8Xr6jDRJpkXX9cdL0Qu/1CPn0kZvvrCPq07ADCioUykKT:I1our6DsmLFu/+0kZvvmimZnPT
Behavioral tasks
behavioral1: sample BIHBXRSIVW.dll, resource win7-20230220-en
behavioral2: sample BIHBXRSIVW.dll, resource win10v2004-20230221-en
behavioral3: sample YPRII8GSNC37Q6VEFsss.exe, resource win7-20230220-en
behavioral4: sample YPRII8GSNC37Q6VEFsss.exe, resource win10v2004-20230220-en
Malware Config
Targets
Target: BIHBXRSIVW.rCJ
Size: 14.5MB
MD5: 9c10a526a73893354ffda1070e3c438f
SHA1: ce854ebd481c03df98625619bcc258614fc19515
SHA256: 9fc52a3f3062b09ef6fe25ceeead5bcf3f80c712e8468fe887a57fbe19884b2c
SHA512: 56f8cdfb10cbe024842390b7878e6cc83f4c644942d3785711310583c25499111e6427e1cb6954b17edf6db1ca9275d1e823ac5b32decfd62bddc13f1d624466
SSDEEP: 393216:y1+g8B3BQ6lV7Vb3LBgTovVLRAsDEI3mtPuQTC35BeI:y1Vs3BQmBFiMVLRAsYI3OGx
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox stamps "VBOX" as the OEM ID of the ACPI tables it exposes, and Windows mirrors each table under HKLM\HARDWARE\ACPI\<table>\<OEM ID>, so keys such as HKLM\HARDWARE\ACPI\DSDT\VBOX__ exist only inside a VirtualBox guest; opening them is a cheap guest check.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
  A DLL the sample wrote to disk itself is subsequently loaded into a process.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops a debugger from receiving events for that thread, a common anti-debugging trick.
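To make the four signatures above concrete, here is a toy evaluator that applies them to an ordered API-event trace. It is an added example written for this page, not the sandbox's own rule code: the event schema (a list of dicts with an "api" field), the function names and the constructed trace are assumptions for the demonstration, while the registry paths and the ThreadHideFromDebugger class value are the documented ones these signatures key on. It goes slightly beyond the report by showing that "Loads dropped DLL" is a stateful rule (a write must precede the load), whereas the other three are single-event matches.

```python
"""Toy re-implementation of the four behavioural signatures in this report.

Added example, not the sandbox's own rule code. The event schema (dicts with
an "api" field), the helper names and SAMPLE_EVENTS are assumptions made for
the demonstration; the registry paths and the ThreadHideFromDebugger value
are the real, documented ones.
"""

THREAD_HIDE_FROM_DEBUGGER = 0x11  # ThreadInformationClass for NtSetInformationThread

REG_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "NtOpenKey", "NtQueryValueKey"}
FILE_WRITE_APIS = {"NtWriteFile", "WriteFile"}
LOAD_APIS = {"LdrLoadDll", "LoadLibraryW", "LoadLibraryExW"}


def norm_key(key: str) -> str:
    """Expand the HKLM shorthand, drop a trailing backslash and lower-case."""
    key = key.strip().rstrip("\\")
    if key.upper().startswith("HKLM\\"):
        key = "HKEY_LOCAL_MACHINE" + key[4:]
    return key.lower()


def norm_path(path: str) -> str:
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().lower()


# VirtualBox stamps "VBOX" as the OEM ID of the ACPI tables it exposes, and
# Windows mirrors each table under HKLM\HARDWARE\ACPI\<table>\<OEM ID>, so
# these keys exist only inside a VirtualBox guest.
VBOX_ACPI_KEYS = {
    norm_key(r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    norm_key(r"HKLM\HARDWARE\ACPI\FADT\VBOX__"),
    norm_key(r"HKLM\HARDWARE\ACPI\RSDT\VBOX__"),
}
# Firmware strings that hypervisors and sandboxes often leave with tell-tale values.
BIOS_KEY = norm_key(r"HKLM\HARDWARE\DESCRIPTION\System")
BIOS_VALUES = {"SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate"}

SIG_VBOX = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_DROPPED = "Loads dropped DLL"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"


def evaluate(events):
    """Return the set of signature names matched by an ordered API-event trace."""
    hits = set()
    written = set()  # files the sample wrote; a later load of one is a dropped DLL
    for ev in events:
        api = ev.get("api", "")
        if api in REG_APIS:
            key = norm_key(ev.get("key", ""))
            if key in VBOX_ACPI_KEYS:
                hits.add(SIG_VBOX)
            if key == BIOS_KEY and ev.get("value") in BIOS_VALUES:
                hits.add(SIG_BIOS)
        elif api == "NtSetInformationThread":
            if ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
                hits.add(SIG_HIDE)
        elif api in FILE_WRITE_APIS:
            written.add(norm_path(ev.get("path", "")))
        elif api in LOAD_APIS:
            if norm_path(ev.get("path", "")) in written:
                hits.add(SIG_DROPPED)
    return hits


# Constructed trace (not taken from the report) of the kind behavioral1 would log.
# The temp-directory path is an assumption.
SAMPLE_EVENTS = [
    {"api": "RegOpenKeyExW", "key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"api": "RegQueryValueExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System",
     "value": "SystemBiosVersion"},
    {"api": "NtSetInformationThread", "info_class": 0x11},
    {"api": "NtWriteFile", "path": r"C:\Users\Admin\AppData\Local\Temp\BIHBXRSIVW.dll"},
    {"api": "LdrLoadDll", "path": r"c:\users\admin\appdata\local\temp\BIHBXRSIVW.dll"},
]

if __name__ == "__main__":
    for name in sorted(evaluate(SAMPLE_EVENTS)):
        print(name)
```

The VirtualBox and BIOS rules fire on a single registry access, which is why they are cheap to evade by simply not querying those keys; the dropped-DLL rule needs the write-then-load ordering, so a trace with the load first is not a hit.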
Target: YPRII8GSNC37Q6VEFsss
Size: 889KB
MD5: 03c469798bf1827d989f09f346ce95f7
SHA1: 05e491bc1b8fbfbfdca24b565f2464137f30691e
SHA256: de87c8713fac002b0b0a0f9b02c4e3ebcccf65282a22f5ab5912a9da00f35c2a
SHA512: d95aed75dd7b2470d4e5052b4b494ad9efbb9eee42c63cf0b38f1d0275ff7b1bb8ee4cbc69d1bb219dbbf33ad3b01cea97f87fa8fe69be7f943aa4417a603238
SSDEEP: 24576:mjSsPIqS9jL0rJ3n770E9d8qTtE4n4CucuH:GzyH0ZOqTGQ4CDu
Score: 1/10