General
Target: BruteL4_DDOS_Tool.zip
Size: 12.3 MB
Sample: 230325-1mwbdsge6y
MD5: b8076e4d47bf0bf173392f8c04f653f1
SHA1: 66b88b7e57ad75264ff79d91ce7bb6354c5bb95e
SHA256: 85e1cf1c6821a93541d7285f84ce6ffdb99588308fe1771e329bc18fba4d3f54
SHA512: e3f08fb62b538396306a1609e9fa7c25c8cd6d694f2c3b08cdc7d62b7219048624f975448eee3becf59488c13f6baa6df23e153c3d37dff5105f0f3667bf11b7
SSDEEP: 393216:NWqkunM4oavnLZ/PpglYY9XHRo36q0otWtW:Dk+MqDZ/wYmBoJoW
Static task: static1
Behavioral task: behavioral1
Sample: BruteL4 DDOS Tool/BruteL4 DDOS Tool.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: BruteL4 DDOS Tool/BruteL4 DDOS Tool.exe
Size: 12.0 MB
MD5: 7469696e71e96dd67ce6c5f59c2e77c7
SHA1: a26de444a133d56eb51f5bac21fb2f925b5ee37a
SHA256: 55c2faf7a200fe2db176dd0a7c43bd8f97d4a485814d6b105855ae7adfadcb32
SHA512: 7702b5c08999a52816ff0176efe14f7d3c3808081337077f4fd4154cd29d3641aca5508d37c10e44d1980f835c868e9f2d3c71fda23f89c9ff80ca0f238f4c4c
SSDEEP: 393216:J+aZeyhEOh8pJpdEYTzuaj5DDKEeuuODGfTc:MahEe8pVEY3uaJWEhuODGw
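Before relying on this report, confirm that the archive you hold and the executable inside it are the same bytes the sandbox analysed. The following is an added example, not code from the report or from the sandbox: it carries the MD5/SHA1/SHA256/SHA512 values listed above for BruteL4_DDOS_Tool.zip and for BruteL4 DDOS Tool/BruteL4 DDOS Tool.exe, hashes a local archive and every member, and reports which algorithms disagree. The small zip built at the bottom is a constructed stand-in so the script runs offline; it is not the sample.

```python
"""Verify a local copy of the submitted archive, and the executable inside it,
against the digests the report publishes.

Added example, not part of the report. REPORT_HASHES holds the report's own
values; SAMPLE_ZIP is a constructed stand-in, not the real sample.
"""
import hashlib
import io
import sys
import zipfile

ALGOS = ("md5", "sha1", "sha256", "sha512")
MAX_MEMBER = 64 * 1024 * 1024  # refuse to inflate anything larger (zip-bomb guard)

# Digests copied from the report: the archive and the inner executable.
REPORT_HASHES = {
    "BruteL4_DDOS_Tool.zip": {
        "md5": "b8076e4d47bf0bf173392f8c04f653f1",
        "sha1": "66b88b7e57ad75264ff79d91ce7bb6354c5bb95e",
        "sha256": "85e1cf1c6821a93541d7285f84ce6ffdb99588308fe1771e329bc18fba4d3f54",
        "sha512": "e3f08fb62b538396306a1609e9fa7c25c8cd6d694f2c3b08cdc7d62b7219048624f975448eee3becf59488c13f6baa6df23e153c3d37dff5105f0f3667bf11b7",
    },
    "BruteL4 DDOS Tool/BruteL4 DDOS Tool.exe": {
        "md5": "7469696e71e96dd67ce6c5f59c2e77c7",
        "sha1": "a26de444a133d56eb51f5bac21fb2f925b5ee37a",
        "sha256": "55c2faf7a200fe2db176dd0a7c43bd8f97d4a485814d6b105855ae7adfadcb32",
        "sha512": "7702b5c08999a52816ff0176efe14f7d3c3808081337077f4fd4154cd29d3641aca5508d37c10e44d1980f835c868e9f2d3c71fda23f89c9ff80ca0f238f4c4c",
    },
}


def digest_all(data: bytes) -> dict:
    """All four digests of one blob, hex, lower-case."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def mismatches(actual: dict, expected: dict) -> list:
    """Algorithms whose digest differs; algorithms absent from expected are skipped."""
    return [a for a in ALGOS if a in expected and actual[a] != expected[a].lower()]


def verify_archive(zip_bytes: bytes, archive_name: str, expected: dict) -> dict:
    """Hash the archive as a whole and each member.

    Returns {name: list of mismatched algorithms}. A member the report does not
    list yields ['unlisted'] and an oversize member ['skipped'], so neither is
    silently treated as a match.
    """
    results = {archive_name: mismatches(digest_all(zip_bytes), expected.get(archive_name, {}))}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER:
                results[info.filename] = ["skipped"]
                continue
            if info.filename not in expected:
                results[info.filename] = ["unlisted"]
                continue
            results[info.filename] = mismatches(digest_all(zf.read(info)), expected[info.filename])
    return results


def build_zip(members: dict) -> bytes:
    """Build a small archive in memory (used only for the constructed stand-in)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed stand-in: a fake MZ stub stored under the report's member name.
SAMPLE_MEMBER = "BruteL4 DDOS Tool/BruteL4 DDOS Tool.exe"
SAMPLE_EXE = b"MZ" + b"\x00" * 62 + b"not the real sample"
SAMPLE_ZIP = build_zip({SAMPLE_MEMBER: SAMPLE_EXE})

if __name__ == "__main__":
    # Usage: python verify.py BruteL4_DDOS_Tool.zip   (no argument: run on the stand-in)
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else SAMPLE_ZIP
    for name, bad in verify_archive(data, "BruteL4_DDOS_Tool.zip", REPORT_HASHES).items():
        print(f"{'OK  ' if not bad else 'FAIL'} {name}  {','.join(bad)}")
```

Run against the stand-in, every algorithm mismatches for both names, which is the expected result for anything other than the original bytes; a real copy of the archive must come back with empty lists for both entries. The ssdeep values are deliberately not compared here: they are similarity hashes, and an ssdeep match is a hint about relatedness, not proof of identity.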
Score: 10/10

Signatures
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry; likely a geofence check.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
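Four of the signatures above (the VirtualBox ACPI check, the BIOS read, the country-code lookup and the startup-folder drop) are nothing more than specific registry keys and file paths being touched, so they are easy to reproduce from your own telemetry, whether that is Sysmon registry and file events, procmon output or an API-monitor log. The following is an added example, not the sandbox's rule set and not code from the report. The key paths are the well-known locations those checks rely on: the VBOX__ ACPI table keys under HKLM\HARDWARE\ACPI, the SystemBiosVersion/SystemBiosDate/VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System, and the Nation value under Control Panel\International\Geo. The event tuples and the process ID, image path and SID in them are constructed for illustration.

```python
"""Classify runtime registry and file events against the evasion and
persistence signatures the report raises for this sample.

Added example, not part of the report and not the sandbox's own rules.
The key paths are the well-known locations behind each check; the events
below are constructed and are not taken from the sample.
"""
import re
from collections import defaultdict

# Root-key spellings seen in Sysmon, procmon and API logs, mapped onto short
# aliases so a single pattern per signature is enough.
_PREFIXES = [
    ("\\REGISTRY\\MACHINE\\", "HKLM\\"),
    ("HKEY_LOCAL_MACHINE\\", "HKLM\\"),
    ("\\REGISTRY\\USER\\", "HKU\\"),
    ("HKEY_USERS\\", "HKU\\"),
    ("HKEY_CURRENT_USER\\", "HKCU\\"),
]


def normalize_key(key: str) -> str:
    """Return the key with its root spelled as HKLM, HKU or HKCU."""
    k = key.strip().replace("/", "\\")
    for raw, short in _PREFIXES:
        if k.lower().startswith(raw.lower()):
            return short + k[len(raw):]
    return k


REG_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey"}
FILE_OPS = {"CreateFile", "WriteFile"}

# (signature name as printed in the report, operations it applies to, pattern)
SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", REG_OPS,
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry", REG_OPS,
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)),
    ("Checks computer location settings", REG_OPS,
     re.compile(r"^(HKCU|HKU\\[^\\]+)\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Drops startup file", FILE_OPS,
     re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)),
]


def classify(events):
    """events: iterable of (pid, image, operation, target).

    Returns {signature: sorted list of (pid, normalized target)}, containing
    only signatures that fired.
    """
    hits = defaultdict(set)
    for pid, _image, op, target in events:
        t = normalize_key(target) if op in REG_OPS else target
        for name, ops, pat in SIGNATURES:
            if op in ops and pat.search(t):
                hits[name].add((pid, t))
    return {name: sorted(v) for name, v in hits.items()}


def signatures_for_pid(events, pid):
    """Signature names (in report order) triggered by one process."""
    hits = classify(events)
    return [name for name, _, _ in SIGNATURES
            if any(p == pid for p, _ in hits.get(name, []))]


# Constructed events in (pid, image, operation, target) form. The PID, the
# image path and the SID are placeholders, not values from the sandbox run.
SAMPLE_IMAGE = r"C:\Users\admin\Desktop\BruteL4 DDOS Tool.exe"
SAMPLE_EVENTS = [
    (4120, SAMPLE_IMAGE, "RegOpenKey", r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__"),
    (4120, SAMPLE_IMAGE, "RegQueryValue", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    (4120, SAMPLE_IMAGE, "RegQueryValue", r"HKEY_USERS\S-1-5-21-0-0-0-1001\Control Panel\International\Geo\Nation"),
    (4120, SAMPLE_IMAGE, "CreateFile", r"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"),
    # Benign read of an unrelated value: must not fire anything.
    (4120, SAMPLE_IMAGE, "RegQueryValue", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),
    # A different process doing a legitimate locale lookup: fires only the Geo signature.
    (812, r"C:\Windows\explorer.exe", "RegQueryValue", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
]

if __name__ == "__main__":
    for name, matches in classify(SAMPLE_EVENTS).items():
        print(name)
        for pid, target in matches:
            print(f"    pid {pid}: {target}")
```

The explorer.exe event is there on purpose: the Geo\Nation read is something legitimate software does all the time, and the BIOS values are read by plenty of installers, so none of these rules is a verdict on its own. What makes the report score the sample is the combination within one process (anti-VM, anti-debug, a dropped and executed PE, a startup-folder write), which is why `signatures_for_pid` groups hits per process rather than counting events globally. The remaining signatures (NtSetInformationThreadHideFromDebugger, SetThreadContext, NtCreateUserProcess with a foreign parent) are API-level and need a hooking or ETW source rather than registry and file telemetry.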