General
Target: BruteL4 DDOS Tool.exe
Size: 12.0MB
Sample: 230325-q5asasfa6w
MD5: 7469696e71e96dd67ce6c5f59c2e77c7
SHA1: a26de444a133d56eb51f5bac21fb2f925b5ee37a
SHA256: 55c2faf7a200fe2db176dd0a7c43bd8f97d4a485814d6b105855ae7adfadcb32
SHA512: 7702b5c08999a52816ff0176efe14f7d3c3808081337077f4fd4154cd29d3641aca5508d37c10e44d1980f835c868e9f2d3c71fda23f89c9ff80ca0f238f4c4c
SSDEEP: 393216:J+aZeyhEOh8pJpdEYTzuaj5DDKEeuuODGfTc:MahEe8pVEY3uaJWEhuODGw

Static task: static1
Behavioral task: behavioral1
Sample: BruteL4 DDOS Tool.exe
Resource: win10v2004-20230221-en
Malware Config
Score: 10/10

Signatures
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext