General
-
Target
msvs.exe
-
Size
4.0MB
-
Sample
230718-2j6tdsec86
-
MD5
e1cd1c30f4761a2bf4c878ef0a723435
-
SHA1
8fe5aaf4f0906bbc33c73819fd27eb838cc096e0
-
SHA256
b20d74c759e6d677148c3cf1ddac1056631d69ec738f098d2c8103782d8d82c6
-
SHA512
ecf459342f3d6aa775fa471e9b80d457a8a6bdaae18ffe0495fb044c1a665bd6efcfe9fbf27f8e977939797b1caff468e3b5e2a41b433f080e7b63c7fc8d32d8
-
SSDEEP
98304:jBFr1GYY6ihQXeuhAgNcpdWK07pWUd/nwdAS:1/7kdEQUd/nwuS
Static task
static1
Behavioral task
behavioral1
Sample
msvs.exe
Resource
win7-20230712-en
Malware Config
Extracted
laplas
http://lpls.tuktuk.ug
-
api_key
a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde
Targets
-
-
Target
msvs.exe
-
Size
4.0MB
-
MD5
e1cd1c30f4761a2bf4c878ef0a723435
-
SHA1
8fe5aaf4f0906bbc33c73819fd27eb838cc096e0
-
SHA256
b20d74c759e6d677148c3cf1ddac1056631d69ec738f098d2c8103782d8d82c6
-
SHA512
ecf459342f3d6aa775fa471e9b80d457a8a6bdaae18ffe0495fb044c1a665bd6efcfe9fbf27f8e977939797b1caff468e3b5e2a41b433f080e7b63c7fc8d32d8
-
SSDEEP
98304:jBFr1GYY6ihQXeuhAgNcpdWK07pWUd/nwdAS:1/7kdEQUd/nwuS
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-