General
-
Target
Folder.rar
-
Size
33.1MB
-
Sample
230521-zpaa9scd43
-
MD5
cf612197c75923ca827e198325e53657
-
SHA1
131f8ff92ec993af2d242cb676a8b006448c7b50
-
SHA256
4621fab7e79c7f65a52220c1cdb75aef0e2f5a6dfebf3f3380e075b49235d1be
-
SHA512
d4c688ace2239a3718c3625f9750f2ed1aea93bb56343d4b8d01d94c506a9968ff927efb0cd5b086b74ff2e1ca559738b17c181bbccfa35d0d121049715434e8
-
SSDEEP
786432:514WO3QqurabsuiCWulEr+47y34NGjC6nI1Gcs:P4WO3krzuiCxo97NG26I13s
Behavioral task
behavioral1
Sample
Folder/OnlineSet-up.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
Folder/OnlineSet-up.exe
-
Size
685.3MB
-
MD5
3890f04895fa29ca24469e4c52e44b1f
-
SHA1
4c944be0bf5cecff8334d783a387de8043bde9be
-
SHA256
a1f4e4cd0c62e2cfa8ebdcb90800cdcd028b0302a60714ce8fb122e8d7d4a9fa
-
SHA512
68b53ea7c5312e14dcae727d14856360e07535a034ce0b899b0714efd1cc3d25d9c778718bddb81267a10a4283278b0a1793e973e4abd95acac2485d72364268
-
SSDEEP
393216:hrR+SknsQiN9pmGKLnqIgxBnpWmxuis8LrqSGl:VR+SknLepQTqIGnpWHisj
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
XMRig Miner payload
-
Downloads MZ/PE file
-
Stops running service(s)
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-