General
-
Target
85caf92b6709de24e1c39c82c32395c1.exe
-
Size
6.3MB
-
Sample
230327-ld69zaeg4x
-
MD5
85caf92b6709de24e1c39c82c32395c1
-
SHA1
20f570db9cc7d3b7d70ce155e6631d4305e2d97f
-
SHA256
d2c445a8b7c0f17493dc52fdb23ca0d21231d578d6dd3814f24b2bbb5ddd7c40
-
SHA512
ea8c0a635adc94fa3dcc17c638123de197fb2aadb8bf0fa1e03c91d3345d80b91e2069671a586907495c52d7e6d4449e0e060e5ba8ab8fa44f0979715183d9b4
-
SSDEEP
196608:V3i0h4AEWKrehfhTll3MTO2JnnJUaHYppfMn/8sEuF:Bxh4hwlhRyTOCeXMx
Malware Config
Targets
-
-
Target
85caf92b6709de24e1c39c82c32395c1.exe
-
Size
6.3MB
-
MD5
85caf92b6709de24e1c39c82c32395c1
-
SHA1
20f570db9cc7d3b7d70ce155e6631d4305e2d97f
-
SHA256
d2c445a8b7c0f17493dc52fdb23ca0d21231d578d6dd3814f24b2bbb5ddd7c40
-
SHA512
ea8c0a635adc94fa3dcc17c638123de197fb2aadb8bf0fa1e03c91d3345d80b91e2069671a586907495c52d7e6d4449e0e060e5ba8ab8fa44f0979715183d9b4
-
SSDEEP
196608:V3i0h4AEWKrehfhTll3MTO2JnnJUaHYppfMn/8sEuF:Bxh4hwlhRyTOCeXMx
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-