General
-
Target
b9d635f3b9813943221249aa312ec50d.exe
-
Size
6.3MB
-
Sample
230319-rx1jesag9s
-
MD5
b9d635f3b9813943221249aa312ec50d
-
SHA1
27774bbdb9cc9d2f026533c3c36eee06d4d7908e
-
SHA256
7fcd90faf86392f69e354b1d557f531c467636d995be118cc1b9dd20acd66848
-
SHA512
a99ebfccd7b718e0e738a84fbedd5ce9003f2ceb38ca82604516459a143affe3851f24e6303013ad896f1ece0579a89aefce8aca5e5f4bb9e0cf657ddb8d1d48
-
SSDEEP
196608:sxeUbegYe8hMuBHvNoLlG3g/5v1w+P6X+:seUbe5hVvyLHhv36X
Malware Config
Targets
-
-
Target
b9d635f3b9813943221249aa312ec50d.exe
-
Size
6.3MB
-
MD5
b9d635f3b9813943221249aa312ec50d
-
SHA1
27774bbdb9cc9d2f026533c3c36eee06d4d7908e
-
SHA256
7fcd90faf86392f69e354b1d557f531c467636d995be118cc1b9dd20acd66848
-
SHA512
a99ebfccd7b718e0e738a84fbedd5ce9003f2ceb38ca82604516459a143affe3851f24e6303013ad896f1ece0579a89aefce8aca5e5f4bb9e0cf657ddb8d1d48
-
SSDEEP
196608:sxeUbegYe8hMuBHvNoLlG3g/5v1w+P6X+:seUbe5hVvyLHhv36X
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-