General
-
Target
31a11a0b81f43eeb43887467bbebf5fd.exe
-
Size
6.8MB
-
Sample
230318-pl6vysec8w
-
MD5
31a11a0b81f43eeb43887467bbebf5fd
-
SHA1
187eb286dd68d8421c55a8615ab584cdc280b108
-
SHA256
21e4c999735b8078454d3407c9556aade8d9d477c3b7d2aebc3eee5b5670a3bd
-
SHA512
924efe7a92bac35662e5a0e12f49ee18fcd37866d9e2fe7fed3776bc94d87c3a738bffa9bf1b87b47dc1a58154160f5bea2cb026b8204aecaa3cca759386a0f8
-
SSDEEP
98304:zNESvhK3NdZ79CL5ii5wSreJUHKX0l+6p1TzUbjOl9czfxkcVrnkF9QUa8RP:5dKV9CYSwSrgUHKXXKijWWzfxkornzc
Malware Config
Targets
-
-
Target
31a11a0b81f43eeb43887467bbebf5fd.exe
-
Size
6.8MB
-
MD5
31a11a0b81f43eeb43887467bbebf5fd
-
SHA1
187eb286dd68d8421c55a8615ab584cdc280b108
-
SHA256
21e4c999735b8078454d3407c9556aade8d9d477c3b7d2aebc3eee5b5670a3bd
-
SHA512
924efe7a92bac35662e5a0e12f49ee18fcd37866d9e2fe7fed3776bc94d87c3a738bffa9bf1b87b47dc1a58154160f5bea2cb026b8204aecaa3cca759386a0f8
-
SSDEEP
98304:zNESvhK3NdZ79CL5ii5wSreJUHKX0l+6p1TzUbjOl9czfxkcVrnkF9QUa8RP:5dKV9CYSwSrgUHKXXKijWWzfxkornzc
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-