General
-
Target
e4e8905cf218c3e12f9fccbf4a703744.exe
-
Size
6.8MB
-
Sample
230330-jspmcsbf35
-
MD5
e4e8905cf218c3e12f9fccbf4a703744
-
SHA1
4b3346a3b4e6188631433e5c1601e8bb0ca2f798
-
SHA256
d80b49455c86bb748c2b4d006443e73fb107f4cdfee298991bb526bf9a6fa464
-
SHA512
da480a40ca3a44b36d26f03e0d25b189001a4e502681779ea90ee879ae7c1ca5aa50dd42536569075b86d2b611036ee9ef5a4bf70630b948dcaa9212d22104ec
-
SSDEEP
196608:FL7u7L7uo4QIyIUEkPYWiDCRRAsRnWODS9v:pqLuoNUUdPcDgAs0lv
Malware Config
Targets
-
-
Target
e4e8905cf218c3e12f9fccbf4a703744.exe
-
Size
6.8MB
-
MD5
e4e8905cf218c3e12f9fccbf4a703744
-
SHA1
4b3346a3b4e6188631433e5c1601e8bb0ca2f798
-
SHA256
d80b49455c86bb748c2b4d006443e73fb107f4cdfee298991bb526bf9a6fa464
-
SHA512
da480a40ca3a44b36d26f03e0d25b189001a4e502681779ea90ee879ae7c1ca5aa50dd42536569075b86d2b611036ee9ef5a4bf70630b948dcaa9212d22104ec
-
SSDEEP
196608:FL7u7L7uo4QIyIUEkPYWiDCRRAsRnWODS9v:pqLuoNUUdPcDgAs0lv
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-