General
-
Target
677f1cce8dde03b9b196cc190c297151.exe
-
Size
7.7MB
-
Sample
230326-mkc55sab4v
-
MD5
677f1cce8dde03b9b196cc190c297151
-
SHA1
5de570a7b3d511424ea1e79b2058c8f0a895313b
-
SHA256
13a1209698c56df1cacb4e0f88cac8f54d154b1367b66132dcbdeb57d141705a
-
SHA512
78f2f77ded56b0ed93a65b294f1006f15f027eac0e4830a6e828d21c85768ba7bec06b4c0cbe8ca10915e4a0fb808c7ad5c1f823839c9c15de526299eaad333c
-
SSDEEP
196608:ah7WJVYPY5YO3zN/8WQqftACMLXTtPsRQfF6XTcd:U7o5jNUqfaFLjLAjK
Malware Config
Targets
-
-
Target
677f1cce8dde03b9b196cc190c297151.exe
-
Size
7.7MB
-
MD5
677f1cce8dde03b9b196cc190c297151
-
SHA1
5de570a7b3d511424ea1e79b2058c8f0a895313b
-
SHA256
13a1209698c56df1cacb4e0f88cac8f54d154b1367b66132dcbdeb57d141705a
-
SHA512
78f2f77ded56b0ed93a65b294f1006f15f027eac0e4830a6e828d21c85768ba7bec06b4c0cbe8ca10915e4a0fb808c7ad5c1f823839c9c15de526299eaad333c
-
SSDEEP
196608:ah7WJVYPY5YO3zN/8WQqftACMLXTtPsRQfF6XTcd:U7o5jNUqfaFLjLAjK
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-