General
-
Target
f206c33258de47d5e05e9f035efc265c.exe
-
Size
4.2MB
-
Sample
230713-jn857sfg55
-
MD5
f206c33258de47d5e05e9f035efc265c
-
SHA1
c744ea5b001dc4a9b1e16dd736f44d0d3e9be002
-
SHA256
298bdf9042629b42e761f52949926d52acd55239181021fd78040bff32678e4a
-
SHA512
ef249fcb285fd3741e538a76ace582cdfa6042b2f559fa95a8a0245c7a09e3cf675150c1fd42f50383790b553a578c06cd898ef915ebf85e2cc6aab24ea3f90a
-
SSDEEP
98304:NVAhW7Q0TFGDZ50+vYNK8wQz8p6MDkaU:LAg7Q2FGE+vkKBQopBj
Static task
static1
Behavioral task
behavioral1
Sample
f206c33258de47d5e05e9f035efc265c.exe
Resource
win7-20230712-en
Malware Config
Extracted
laplas
http://lpls.tuktuk.ug
-
api_key
a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde
Targets
-
-
Target
f206c33258de47d5e05e9f035efc265c.exe
-
Size
4.2MB
-
MD5
f206c33258de47d5e05e9f035efc265c
-
SHA1
c744ea5b001dc4a9b1e16dd736f44d0d3e9be002
-
SHA256
298bdf9042629b42e761f52949926d52acd55239181021fd78040bff32678e4a
-
SHA512
ef249fcb285fd3741e538a76ace582cdfa6042b2f559fa95a8a0245c7a09e3cf675150c1fd42f50383790b553a578c06cd898ef915ebf85e2cc6aab24ea3f90a
-
SSDEEP
98304:NVAhW7Q0TFGDZ50+vYNK8wQz8p6MDkaU:LAg7Q2FGE+vkKBQopBj
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-