General
- Target: 7fcd90faf86392f69e354b1d557f531c467636d995be118cc1b9dd20acd66848.zip
- Size: 6.0MB
- Sample: 230321-qpx8nace8s
- MD5: 78b37737bc51af64cb0319b21461fd52
- SHA1: 47f73802071563e453c3a9e7de6f4b1c187a9a06
- SHA256: 62ddbc3d96ad48500abc0ec85487751ea6a0ce87ccc2273bcce9a74cf266a751
- SHA512: 00e8189de9a80a38e24f856c8549bf2c116da72bf7500ebd77f06d4a61c22d536016c3d6c2ae13240a094cbf3cfa8616244490b395942786d2a461bbf4f58562
- SSDEEP: 98304:s9xd1NH7CxP66lx3Ic7Sv+xBFIDUbc/ZEaF3jTTlCCApeB1qbW:qd1NCl6qmc7SmvFIwoDjTTlCC4eHqi
Static task: static1
Behavioral task: behavioral1
Sample: 7fcd90faf86392f69e354b1d557f531c467636d995be118cc1b9dd20acd66848.exe
Resource: win7-20230220-en
Malware Config
Targets
- Target: 7fcd90faf86392f69e354b1d557f531c467636d995be118cc1b9dd20acd66848.exe
- Size: 6.3MB
- MD5: b9d635f3b9813943221249aa312ec50d
- SHA1: 27774bbdb9cc9d2f026533c3c36eee06d4d7908e
- SHA256: 7fcd90faf86392f69e354b1d557f531c467636d995be118cc1b9dd20acd66848
- SHA512: a99ebfccd7b718e0e738a84fbedd5ce9003f2ceb38ca82604516459a143affe3851f24e6303013ad896f1ece0579a89aefce8aca5e5f4bb9e0cf657ddb8d1d48
- SSDEEP: 196608:sxeUbegYe8hMuBHvNoLlG3g/5v1w+P6X+:seUbe5hVvyLHhv36X
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger