General
-
Target
2dd9a2b06e2612ae5264b6f5770909ef.exe
-
Size
6.5MB
-
Sample
230322-xytedscg6s
-
MD5
2dd9a2b06e2612ae5264b6f5770909ef
-
SHA1
57ba2ebc6f49d513066bf3810acbbebfea93bd6f
-
SHA256
c00cfa33f9810d7332c7f184d5bc0b3733fe47bcd076787b01a82e11ee457815
-
SHA512
b3fbe44ae466a0795e4c53c6d6746206ed392ea46dc4e8c80a9cf622f85f66159796bfb8ffec21ca546d7c57720808c21613c04b12961d24a76633c691f71a34
-
SSDEEP
98304:1w+Gs1CprmJ2Iv2v7WH/Rl7fqfe0Ni6Ik2iVAwfRQBLgzSbsvB/BURkYnrY/MXJZ:i+Gs1jJXv2qH/vzqfpiXaQkdZ/W222R
Static task
static1
Behavioral task
behavioral1
Sample
2dd9a2b06e2612ae5264b6f5770909ef.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
2dd9a2b06e2612ae5264b6f5770909ef.exe
-
Size
6.5MB
-
MD5
2dd9a2b06e2612ae5264b6f5770909ef
-
SHA1
57ba2ebc6f49d513066bf3810acbbebfea93bd6f
-
SHA256
c00cfa33f9810d7332c7f184d5bc0b3733fe47bcd076787b01a82e11ee457815
-
SHA512
b3fbe44ae466a0795e4c53c6d6746206ed392ea46dc4e8c80a9cf622f85f66159796bfb8ffec21ca546d7c57720808c21613c04b12961d24a76633c691f71a34
-
SSDEEP
98304:1w+Gs1CprmJ2Iv2v7WH/Rl7fqfe0Ni6Ik2iVAwfRQBLgzSbsvB/BURkYnrY/MXJZ:i+Gs1jJXv2qH/vzqfpiXaQkdZ/W222R
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-