General
Target: 10f2b39f63da35827e667f29e2b69524079e06e454160dee4c28636fffcce199.exe
Size: 3.7MB
Sample: 230630-a6n4bage9z
MD5: 0168ca4a89a13c8b48f97edcd8c32165
SHA1: 8f7c8396abe6dc8cf3d96dcefdcb208bebdc2852
SHA256: 10f2b39f63da35827e667f29e2b69524079e06e454160dee4c28636fffcce199
SHA512: c6e273f86f177d8b6b45de6b1969e8e88a708a1f86dc318f870cf6c011fd275503aeba5ab8e37dda85a407449c2ca0921bc9b3b586ab43f8afda946f481119ed
SSDEEP: 49152:jjjH4ZOXhVNeJBCDRTJ+j6ErUCBOU9EUSqVLsGC8egyQVTlFvqCBfZKQO9NPe5Ie:l8BcNYjnJLnC8egyQVPNZwL
Malware Config
Extracted: systembc
  5.42.65.67:4298
  localhost.exchange:4298
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments)
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger