General
-
Target
491cdabdc48d761e951d8f8cf9defa9e.bin
-
Size
5.8MB
-
Sample
230325-brcbmsce4y
-
MD5
50613c30baeb2e9564a742c7b5759109
-
SHA1
d40d01b16d32ba6dffd444f69904c78d81ef7ab0
-
SHA256
71b4cb5c28f905755b94628dee32cc63d064a0fe056b05572eae533b00a3b4c2
-
SHA512
a6213161d193dcc6c2a0c163282995bf52ec3b031100f77ed79831406befa51e982b7993817c6418aba61873af7d9fb97d19ffbcc6acdc83005c9d96db369230
-
SSDEEP
98304:XhV+OpWlOKgxgvqTUH//171QyBdhSM6aUJvpqpgPyaDYt41ZW8TYMF4Hff2Q:XhrWlDiGqcl5FBdhb6zJspg6aeyjYWyZ
Malware Config
Targets
-
-
Target
8079494d11dee40b555bde3a9af104f0d9ea48ee64b89256cdd3200b38d91ccf.exe
-
Size
6.2MB
-
MD5
491cdabdc48d761e951d8f8cf9defa9e
-
SHA1
751fe62c846cc434a362baa74db9a2632658792a
-
SHA256
8079494d11dee40b555bde3a9af104f0d9ea48ee64b89256cdd3200b38d91ccf
-
SHA512
3e722d19bc1c29f3661240d3d9d5fb1ea4cbdffd506143ce77bc5a42ed339c112e6d924a7eef3b828bffb22084ca03f29601578677ac7ac4a0e79effda6fd349
-
SSDEEP
196608:sFNE8AU8Ddhot2JiezLb3TwjZ3oBsPAeZed9GMYqHXefeg1D4m37em7LQRc:sFrATJJ53yZ3oBsPAeZed9GMYqHXefed
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-