General
Target: payload3.zip
Size: 13.6MB
Sample: 230330-q2zl9ach63
MD5: 8e9fe712ba816f4e565ea1f7c6a08d6b
SHA1: 0ef74e3dc386f3a76e528f2f9b1e29049c16f8d8
SHA256: 43ae56fbf1f9043543f0f868e6891b426fe87802fffb1d563685d0f26313a9ea
SHA512: c3b5bb60dad368d0f7a393a95d3ec8c9ed37d22ce83f324329884e47c8e0d099db7ae9ebdd8a6ccedc5027333530e2d67987eb2982c87d03499655e14abffbe1
SSDEEP: 393216:4Kc/OzPaBcgBcu+gDk4bwwTdtqGa8pKoPClK6:bcmz8cWgQnwqvqowoKln
Behavioral task
behavioral1
Sample: payload3.zip
Resource: win10-20230220-es
Malware Config
Targets
Target: payload3.zip
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger