General
-
Target
b50dfa45bfb293d4343f049fecbb54d5.exe
-
Size
6.4MB
-
Sample
230329-nmpsdsgb28
-
MD5
b50dfa45bfb293d4343f049fecbb54d5
-
SHA1
8ec00a40d8468de7e53d9fbc6b9858a1c44bcb20
-
SHA256
3109866c62ea6c3e47a179d3ab3de093a6f938699b1ed83d8cbdfa7bfe92d169
-
SHA512
26a0b90ad2f8c2869b94cb55a4aacf3a24dd10d442b0f979cb810249e5b7cd59da33f5dfb55764c62c4ce3e88e13d44c713d634623637d1456961c79418e8cbd
-
SSDEEP
196608:uNLXVjqUGrKErcjVVVkfq9CCbLCsY7eU3oqLNkE:CLJqUGr9rcdkC9VbLeF3nLNkE
Malware Config
Targets
-
-
Target
b50dfa45bfb293d4343f049fecbb54d5.exe
-
Size
6.4MB
-
MD5
b50dfa45bfb293d4343f049fecbb54d5
-
SHA1
8ec00a40d8468de7e53d9fbc6b9858a1c44bcb20
-
SHA256
3109866c62ea6c3e47a179d3ab3de093a6f938699b1ed83d8cbdfa7bfe92d169
-
SHA512
26a0b90ad2f8c2869b94cb55a4aacf3a24dd10d442b0f979cb810249e5b7cd59da33f5dfb55764c62c4ce3e88e13d44c713d634623637d1456961c79418e8cbd
-
SSDEEP
196608:uNLXVjqUGrKErcjVVVkfq9CCbLCsY7eU3oqLNkE:CLJqUGr9rcdkC9VbLeF3nLNkE
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-