General
-
Target
8fb576e716932b3b621c16cacbc09649b466335236f0fa0875ffb7706dab0034
-
Size
4.2MB
-
Sample
230713-aj1tlafh8w
-
MD5
6dc144922cd53d27b561798e3c783a88
-
SHA1
9b73c41a5ed06eab41ed06d9d908993f6f78f09c
-
SHA256
8fb576e716932b3b621c16cacbc09649b466335236f0fa0875ffb7706dab0034
-
SHA512
5152eeeb47bee872fd6a6cb10e733eb8a0ecc825dc3f05a566ebe8cc5060192b0d3fa17281d3f35b7903de0d0984f08c84528edd3aa871bdfb06185ad5e282f9
-
SSDEEP
98304:FqAOShxAY+cI3/fehOao7p0j6zlMlNQUgNK/iEJiFU0Nk:FqAOShGND3/fehVZ6JM+NKaEEFU0
Static task
static1
Behavioral task
behavioral1
Sample
8fb576e716932b3b621c16cacbc09649b466335236f0fa0875ffb7706dab0034.exe
Resource
win7-20230712-en
Malware Config
Extracted
laplas
http://45.159.189.105
-
api_key
f52a5c9bc5eb2f51b22f04f3e85c301ac0170a650de6044773f0a8309fbdfb79
Targets
-
-
Target
8fb576e716932b3b621c16cacbc09649b466335236f0fa0875ffb7706dab0034
-
Size
4.2MB
-
MD5
6dc144922cd53d27b561798e3c783a88
-
SHA1
9b73c41a5ed06eab41ed06d9d908993f6f78f09c
-
SHA256
8fb576e716932b3b621c16cacbc09649b466335236f0fa0875ffb7706dab0034
-
SHA512
5152eeeb47bee872fd6a6cb10e733eb8a0ecc825dc3f05a566ebe8cc5060192b0d3fa17281d3f35b7903de0d0984f08c84528edd3aa871bdfb06185ad5e282f9
-
SSDEEP
98304:FqAOShxAY+cI3/fehOao7p0j6zlMlNQUgNK/iEJiFU0Nk:FqAOShGND3/fehVZ6JM+NKaEEFU0
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-