General
-
Target
b81da24c4c1a9562e616cba0f8f56dda.exe
-
Size
6.8MB
-
Sample
230322-kep7eafg53
-
MD5
b81da24c4c1a9562e616cba0f8f56dda
-
SHA1
ca2632240d831468682a70affdb78bdc40645142
-
SHA256
14933991bc1a703a89ae3a5f72b486bfb700f78adb81e1b3eee8ecaad99c35b8
-
SHA512
8ecd6822a013d05e15e538277ab9298ba3856825ccc9685c3a984b7b2cc75df029c6bda28d390e5162d9f7149ee2bfa262044492372545a1244f6e482dd442af
-
SSDEEP
98304:E2W8dF7/mrq+Itl5rWjAphwMCZdCUAzRM4D8y++yKKBOm4ttJfFB1LHxIffuPyNj:E2z/mrq3PrWcad0+GDKYzxRau6NLY
Malware Config
Targets
-
-
Target
b81da24c4c1a9562e616cba0f8f56dda.exe
-
Size
6.8MB
-
MD5
b81da24c4c1a9562e616cba0f8f56dda
-
SHA1
ca2632240d831468682a70affdb78bdc40645142
-
SHA256
14933991bc1a703a89ae3a5f72b486bfb700f78adb81e1b3eee8ecaad99c35b8
-
SHA512
8ecd6822a013d05e15e538277ab9298ba3856825ccc9685c3a984b7b2cc75df029c6bda28d390e5162d9f7149ee2bfa262044492372545a1244f6e482dd442af
-
SSDEEP
98304:E2W8dF7/mrq+Itl5rWjAphwMCZdCUAzRM4D8y++yKKBOm4ttJfFB1LHxIffuPyNj:E2z/mrq3PrWcad0+GDKYzxRau6NLY
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-