General
-
Target
802adde2f73b801001415c095fcaffe3.exe
-
Size
6.8MB
-
Sample
230325-jspblabg37
-
MD5
802adde2f73b801001415c095fcaffe3
-
SHA1
e787c97d506802f78922e71a809f042e0b8a4239
-
SHA256
1cfa114e335202d50659ca4baec2671111f5a133a3f6817d7095c9670efde514
-
SHA512
9f583a0f19aaad94172d08d1fb673e947a95b47d264aab4bbc9a8cb0bd3c1704298bbb618cbfb5a3e386b43c1bdb4b3a218c10f3eab2434db7c605e913c7ae4e
-
SSDEEP
196608:rAgI4S0Ob45Tswtb/Yl/3+MFFT2qvW7ySS:caOb4BPx/wv+MFl2qvW7ySS
Malware Config
Targets
-
-
Target
802adde2f73b801001415c095fcaffe3.exe
-
Size
6.8MB
-
MD5
802adde2f73b801001415c095fcaffe3
-
SHA1
e787c97d506802f78922e71a809f042e0b8a4239
-
SHA256
1cfa114e335202d50659ca4baec2671111f5a133a3f6817d7095c9670efde514
-
SHA512
9f583a0f19aaad94172d08d1fb673e947a95b47d264aab4bbc9a8cb0bd3c1704298bbb618cbfb5a3e386b43c1bdb4b3a218c10f3eab2434db7c605e913c7ae4e
-
SSDEEP
196608:rAgI4S0Ob45Tswtb/Yl/3+MFFT2qvW7ySS:caOb4BPx/wv+MFl2qvW7ySS
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-