General
-
Target
2dd9a2b06e2612ae5264b6f5770909ef.bin
-
Size
6.3MB
-
Sample
230324-bpcjmabc88
-
MD5
c56e5e149214f251cfe7dbf5f27c4309
-
SHA1
74c25d5d9f9735dcfaf40ed5837bb47c8abbeb06
-
SHA256
7eee076008cd25337f39eb1a5aa7b6ef17b7e571ca88a92b0a5581a8559e7e8f
-
SHA512
f60a1015689ce12202718a27a6f575ef3e3d47e3f07dca7b315457f58c1783ea0f035c8949006aea3fb6b655818b45356d363c2e6480e0ca4ccc7ce73bed7a86
-
SSDEEP
196608:gj9BMnOUOymwCFGM78ABzdLr2UdVRlejuzxFQXH:gj909OmCFbJBzNrddVRIjuFF+H
Malware Config
Targets
-
-
Target
c00cfa33f9810d7332c7f184d5bc0b3733fe47bcd076787b01a82e11ee457815.exe
-
Size
6.5MB
-
MD5
2dd9a2b06e2612ae5264b6f5770909ef
-
SHA1
57ba2ebc6f49d513066bf3810acbbebfea93bd6f
-
SHA256
c00cfa33f9810d7332c7f184d5bc0b3733fe47bcd076787b01a82e11ee457815
-
SHA512
b3fbe44ae466a0795e4c53c6d6746206ed392ea46dc4e8c80a9cf622f85f66159796bfb8ffec21ca546d7c57720808c21613c04b12961d24a76633c691f71a34
-
SSDEEP
98304:1w+Gs1CprmJ2Iv2v7WH/Rl7fqfe0Ni6Ik2iVAwfRQBLgzSbsvB/BURkYnrY/MXJZ:i+Gs1jJXv2qH/vzqfpiXaQkdZ/W222R
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-