General
-
Target
7fcd90faf86392f69e354b1d557f531c467636d995be118cc1b9dd20acd66848.zip
-
Size
6.0MB
-
Sample
230321-rxshtaba97
-
MD5
3bf4e2645bf6618f7d53ce27d79b4065
-
SHA1
f7dca938bd5c2ca3bb4eb0604be2d6ad848228cd
-
SHA256
b6622b4c8c25a9bab12f8f1fe2a0e648e62028cd93020df9b9a17a9c1b350824
-
SHA512
0cae218e42ca32f7d2d2328d7a2f26d8caa8d699592634b255577b6ec57a857f2bf6f50b61a746a9c3327cc052c72af3e511c9be3899cbe87d084110d521714b
-
SSDEEP
98304:QeKSoXsg0/D8+xB16HzM9PvivbZx4zHhXF0jzDFK/8D9II9/Aio:QX9WTvkHKvijZx4NF0vZK/8DN/Ab
Malware Config
Targets
-
-
Target
7fcd90faf86392f69e354b1d557f531c467636d995be118cc1b9dd20acd66848.exe
-
Size
6.3MB
-
MD5
b9d635f3b9813943221249aa312ec50d
-
SHA1
27774bbdb9cc9d2f026533c3c36eee06d4d7908e
-
SHA256
7fcd90faf86392f69e354b1d557f531c467636d995be118cc1b9dd20acd66848
-
SHA512
a99ebfccd7b718e0e738a84fbedd5ce9003f2ceb38ca82604516459a143affe3851f24e6303013ad896f1ece0579a89aefce8aca5e5f4bb9e0cf657ddb8d1d48
-
SSDEEP
196608:sxeUbegYe8hMuBHvNoLlG3g/5v1w+P6X+:seUbe5hVvyLHhv36X
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-