General
-
Target
a0543f4768b6938e07393baa1301a3a5.bin
-
Size
6.5MB
-
Sample
230401-b5tsvafb52
-
MD5
fd8e6a4deafcc157efebbf0b7556de67
-
SHA1
f293a8e03e5caebda0d3d61f99c80e32a77de858
-
SHA256
010d4f5cb4436951944f73360fd938ec676331de4b6a02e6c220c95f58970559
-
SHA512
59668e7674c0806ab7095e1a6210089e14f08d6a44c4caa024ecc287e26215f41fb9507c5797486695df27cafa439552bc2a71bb924fd8b82ea6f65435a4186d
-
SSDEEP
196608:CYOTk8oAjEO2KUhEfGc+cPCEc0Hn2NkV14:C/k8og2KUClP/HrY
Static task
static1
Behavioral task
behavioral1
Sample
7ede0b1138f235629f0e3539de7f0b225b9e9f9ca4855aca0e9ccaeab0731bf5.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
7ede0b1138f235629f0e3539de7f0b225b9e9f9ca4855aca0e9ccaeab0731bf5.exe
-
Size
6.8MB
-
MD5
a0543f4768b6938e07393baa1301a3a5
-
SHA1
a2fc8528c2b25145f4f87265ae229379839d8b79
-
SHA256
7ede0b1138f235629f0e3539de7f0b225b9e9f9ca4855aca0e9ccaeab0731bf5
-
SHA512
c77e81df7149c042c691a6fec6499c2095de5f4dbfba5a57e94080dc78e6d944eabbfd403823119d62f0f4641d5929be0e52afb9c46d18508ae855c4f0a2af5b
-
SSDEEP
196608:RkAYBdNTUeMyEg/CN95K1o8TE4eOnTGcwdb:Rk5dNo2Eg6N95ghE4lTKdb
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-