General
-
Target
adcf4f2d9028c52a8b7b7b7880aa5d6b.bin
-
Size
6.5MB
-
Sample
230323-b2sflsef61
-
MD5
1aba5a1d47d903a4b4cefea7f6f61ac9
-
SHA1
49fa5690bd9c3a9ff85bcd8a35d5e3ed0318954a
-
SHA256
3bd7b7a8c24b8c5cec7e95cfb907c95fd824a306c9ffc015fe9065cbe3c5e03d
-
SHA512
dc42cd7ffa3034d6e68774826d43ac82d257b475868182f7fa4e6e441da39d637a13f9115355f8b0a4ba3af4977f5b9c2ceec978c27d458aefccebc5a19df18d
-
SSDEEP
98304:F1ofONJ89lcVQnc96ZjaVFd67Q0psPcL+F8udOpW2Nq1UQamgT7YjOCvBTqEVmI:FWkKcVQaVFd6/pwMBPI+QamggjOiplmI
Malware Config
Targets
-
-
Target
bdce60e92616f204631ebac6d57c74fd2214c9591c6faa2a76150c6ac15c6ac0.exe
-
Size
6.8MB
-
MD5
adcf4f2d9028c52a8b7b7b7880aa5d6b
-
SHA1
60c9c134ff2cd2847b9f8ff58aead722e9ac43a8
-
SHA256
bdce60e92616f204631ebac6d57c74fd2214c9591c6faa2a76150c6ac15c6ac0
-
SHA512
2277f133303010cd19690d9142513bbd9cdd61c0189807cfe58ff7e2aa734623549992eb8e7bc8c306d6a292990904ce0a8a826f0c3e436a1d1d8f84ef5c6af4
-
SSDEEP
196608:0dvbLD+bI92rDvjxLZisgOb5nEqc93TkNboL:0vbLwrLjxLZishuT8A
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-