General
-
Target
6d72e0d0887eaada746fcd3e4826ae26.exe
-
Size
6.1MB
-
Sample
230327-y4zn2ahb4x
-
MD5
6d72e0d0887eaada746fcd3e4826ae26
-
SHA1
0dda5cf9abfcadfed7a08f462391afe14f742dc6
-
SHA256
f84feaefe643ef0719ee089d4ba8300b2591dc9127afc38cd8824ea9bca68216
-
SHA512
bddadc654cd801661ab51c2a60f3ce5853bb96bdcec2090c044d27b0ba3fbb09beb1d2900bfc478025e53daa1aa0f2e7c29155ee308101709468327fd2c85d8c
-
SSDEEP
98304:8/xUvBHLYg9I/9IWAVDOTGwCbxdbFVApup8ex0LdWdCtoKzjmaXrHJy9oFW5nlw:8/WBHJhKm53ALeK5WZOmazJFUX
Malware Config
Targets
-
-
Target
6d72e0d0887eaada746fcd3e4826ae26.exe
-
Size
6.1MB
-
MD5
6d72e0d0887eaada746fcd3e4826ae26
-
SHA1
0dda5cf9abfcadfed7a08f462391afe14f742dc6
-
SHA256
f84feaefe643ef0719ee089d4ba8300b2591dc9127afc38cd8824ea9bca68216
-
SHA512
bddadc654cd801661ab51c2a60f3ce5853bb96bdcec2090c044d27b0ba3fbb09beb1d2900bfc478025e53daa1aa0f2e7c29155ee308101709468327fd2c85d8c
-
SSDEEP
98304:8/xUvBHLYg9I/9IWAVDOTGwCbxdbFVApup8ex0LdWdCtoKzjmaXrHJy9oFW5nlw:8/WBHJhKm53ALeK5WZOmazJFUX
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-