General
-
Target
23e3550cb43e9362251d56005e3c961c426d8e065ff2f2123f457e217415f6c1.zip
-
Size
6.4MB
-
Sample
230321-rxqn8adb71
-
MD5
747a31043d4d4e4fabeec141b52cd73b
-
SHA1
68bb27da7b6f11ac8db6ecf986198ad99dc471f3
-
SHA256
d50498707804630a79d5930400dec046a9b53fab1cffb1c332bb2b0fa6920113
-
SHA512
442ce7f456830a6cb63753f639cd6ccaae20b442cc1905a21c175983525264a573bb8e883e85590cedd221faa7aa8fdc490e1acdd8a17858619948bdd35cd4dd
-
SSDEEP
98304:QCPt/mSiURgQ3UoLXqRL67miuxDK9ittMa1lQVlq8Uq9Hyr4lJ8eUEK22zXr8zCV:3PdGQkQB7wgifLniFA28lV2Gg+Dpv
Static task
static1
Behavioral task
behavioral1
Sample
23e3550cb43e9362251d56005e3c961c426d8e065ff2f2123f457e217415f6c1.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
23e3550cb43e9362251d56005e3c961c426d8e065ff2f2123f457e217415f6c1.exe
-
Size
6.8MB
-
MD5
ca6b1b3b00d1bdccb7cc73255bc97329
-
SHA1
88923d5bf5f29cab5fe3ac66459bc94d709b06a1
-
SHA256
23e3550cb43e9362251d56005e3c961c426d8e065ff2f2123f457e217415f6c1
-
SHA512
fd92162cb9fc5f0a22e25b17cf9386034121af061b821531823292778978f7f44c2e51a7eadc07e902560ec8cffd389a40dd32649ffe3782fbf956dc293224b3
-
SSDEEP
196608:V09b1yxhIsD1xLyVUZIBZjUQHQ8dq9XvjUQ:V09bsBvy2GjeV
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-