General
-
Target
c66baeff16af16f24789b728391b0b91.exe
-
Size
6.2MB
-
Sample
230323-h6m51sgb7y
-
MD5
c66baeff16af16f24789b728391b0b91
-
SHA1
1a5cc9d0bb2dac69a4b44fe453001d5cc7833064
-
SHA256
470d8301ac8d7e12baca136b154e146703c74b32bb495f4c5487339f570405d6
-
SHA512
ba0c3f65ed20da231e9a4af742a5e0f20a33c95d53e52d74b770e30a3232f244dbdc637bf43944d08890cc831984a6912b4e09eb564f9c3c9b02f484b3ca80ee
-
SSDEEP
98304:bO8KntSM3PAU0VIuZ6Q8ef3ReeBb2HPP0ooAE8oLjJ/NhZv6FJS+Zh1MXAG:pKntS9U0alef3Rp2X1F/sjj6/SYW
Malware Config
Targets
-
-
Target
c66baeff16af16f24789b728391b0b91.exe
-
Size
6.2MB
-
MD5
c66baeff16af16f24789b728391b0b91
-
SHA1
1a5cc9d0bb2dac69a4b44fe453001d5cc7833064
-
SHA256
470d8301ac8d7e12baca136b154e146703c74b32bb495f4c5487339f570405d6
-
SHA512
ba0c3f65ed20da231e9a4af742a5e0f20a33c95d53e52d74b770e30a3232f244dbdc637bf43944d08890cc831984a6912b4e09eb564f9c3c9b02f484b3ca80ee
-
SSDEEP
98304:bO8KntSM3PAU0VIuZ6Q8ef3ReeBb2HPP0ooAE8oLjJ/NhZv6FJS+Zh1MXAG:pKntS9U0alef3Rp2X1F/sjj6/SYW
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-