General
- Target: 94ae98d3e8368e90f7777ee3df51da77.exe
- Size: 6.3MB
- Sample: 230328-w9gdjaec2v
- MD5: 94ae98d3e8368e90f7777ee3df51da77
- SHA1: 513b8681ac6088324731af512cb44ea49d223d27
- SHA256: f667ab33b49d8b8389e116a05849032cc2e78a7578b12cdd07ed89a931c3c464
- SHA512: 945d77ed3e8aa250025b5d04ec60d06163c2556c0453d6c81af06031a1fd053c6cdc272bcfff71c0405375d669759b7e076122e490d5ad8c3fda7bfee9198f7c
- SSDEEP: 196608:BH6U57641LiUDQVnzWG/VsqUaJlReG73o:F5+7UDc9ZE
Static task: static1

Behavioral task: behavioral1
- Sample: 94ae98d3e8368e90f7777ee3df51da77.exe
- Resource: win7-20230220-en
Malware Config

Targets
- Target: 94ae98d3e8368e90f7777ee3df51da77.exe
- Size: 6.3MB
- MD5: 94ae98d3e8368e90f7777ee3df51da77
- SHA1: 513b8681ac6088324731af512cb44ea49d223d27
- SHA256: f667ab33b49d8b8389e116a05849032cc2e78a7578b12cdd07ed89a931c3c464
- SHA512: 945d77ed3e8aa250025b5d04ec60d06163c2556c0453d6c81af06031a1fd053c6cdc272bcfff71c0405375d669759b7e076122e490d5ad8c3fda7bfee9198f7c
- SSDEEP: 196608:BH6U57641LiUDQVnzWG/VsqUaJlReG73o:F5+7UDc9ZE

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger