General
Target: BitCheats.exe
Size: 9.5MB
Sample: 230327-zaktfshb6y
MD5: f9350631e747006dd165af9d0173f15d
SHA1: 2ea2280fc4518185b0658555aa728ccf5a34f664
SHA256: ee3c9fdf9ac72921233d688db367410456b4a569f764e898ee9f883b50669dd6
SHA512: 3521999a4f8fa787947bba0ed15812a41090fd76fdd06350fbe2f79cf0be8f6fc9abe29c166874ed67fd245bfb966579b4cb89a65f21a3d001bbc2182821e107
SSDEEP: 196608:0d/n2e9fPh6lB6tKhWvBXFu8AkVURItvIpkIT1D746ERa:A/2uXhKvWvZLPCI5kkwB7paa
Malware Config
Targets
Target: BitCheats.exe
Size: 9.5MB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed under General above.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with the ThreadHideFromDebugger information class stops a debugger from receiving events for that thread, a common anti-debugging technique.