General
- Target: 6d72e0d0887eaada746fcd3e4826ae26.bin
- Size: 5.9MB
- Sample: 230329-bsqwesec22
- MD5: 9b8b4b20bd1564d6ad4a2d9826f0ed7a
- SHA1: 486dbfffb8b4913a0193e9221e125b9e491a560a
- SHA256: e276e776b9ce358bc50cfb83a7abe27799a66a56719de8668552dbdbd3f17041
- SHA512: c77e91904ff0e7d983fb2b58f2fac5f8b53f469f6c0985e0d08bc909c9fc182b4abad63c50549aa87a97d8d29f22bef4140f7cf6024371e282c33b799f1285b6
- SSDEEP: 98304:EBC879xBl3VTp4G8txnYtGfe0GR2G49xnJTg2SJbi/IwUzYsDvRAVxSzyu8X:E88ZjtVFTCxnY/n0Gog2WFzYkzyu8X
Static task: static1

Behavioral task: behavioral1
- Sample: f84feaefe643ef0719ee089d4ba8300b2591dc9127afc38cd8824ea9bca68216.exe
- Resource: win7-20230220-en
Malware Config

Targets
- Target: f84feaefe643ef0719ee089d4ba8300b2591dc9127afc38cd8824ea9bca68216.exe
- Size: 6.1MB
- MD5: 6d72e0d0887eaada746fcd3e4826ae26
- SHA1: 0dda5cf9abfcadfed7a08f462391afe14f742dc6
- SHA256: f84feaefe643ef0719ee089d4ba8300b2591dc9127afc38cd8824ea9bca68216
- SHA512: bddadc654cd801661ab51c2a60f3ce5853bb96bdcec2090c044d27b0ba3fbb09beb1d2900bfc478025e53daa1aa0f2e7c29155ee308101709468327fd2c85d8c
- SSDEEP: 98304:8/xUvBHLYg9I/9IWAVDOTGwCbxdbFVApup8ex0LdWdCtoKzjmaXrHJy9oFW5nlw:8/WBHJhKm53ALeK5WZOmazJFUX
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger