General
-
Target
2b0487817f8cf2592db53cea34fa30f2db1a06d046759f23f3e72a0dc61034dd.zip
-
Size
6.4MB
-
Sample
230321-rxqzzsdb8s
-
MD5
f98b3273364accb1b866fd65ded3df59
-
SHA1
f86c9e8352a670094b768553eef3fae27d0c5506
-
SHA256
d2aebb17723f630ed845a183d5b4af78139ecefd467c6039719a1b3e9ea133dc
-
SHA512
473d07f7de7eae6cf51a3897aeb98e42ccce917aa59c947059b24163ffe631daafbb11c697554ae9b7b19d5a7b27751064a956d34288d6508491907a3ed32137
-
SSDEEP
98304:lmDkMEDa87XDcreTA2U8Ek7vggI2wODRUc8Vc4vevee0Y0nW7CXRXosZYsP:8EZTcLRZKogb7NUc8VcUe3N0OOXoEZP
Static task
static1
Behavioral task
behavioral1
Sample
2b0487817f8cf2592db53cea34fa30f2db1a06d046759f23f3e72a0dc61034dd.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
2b0487817f8cf2592db53cea34fa30f2db1a06d046759f23f3e72a0dc61034dd.exe
-
Size
6.8MB
-
MD5
7923c53381886a69939a56da10dcaa42
-
SHA1
a9f1879a7784933381548e9b8cf10462c3910693
-
SHA256
2b0487817f8cf2592db53cea34fa30f2db1a06d046759f23f3e72a0dc61034dd
-
SHA512
b701902129a3f067076d2aae6ac5d73c59eb4c843f51f45ad40e0c2103883246b2f0ac4da57368c51ac9dd10f6adcf2d5a78632ee319ca5c47b1d420c9de5d4a
-
SSDEEP
98304:ftyBvUTI3/T/O5JtzAE0A050xf3yhDWbMsnJfdViU7DICtzkcPLC+5HTb/hIekb3:f8JRaXQ2xfaWYsJlVdDIaL9b5fzC/
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-