General
-
Target
ea25629f3eaf190ab7d1f6d1b1540f2c.exe
-
Size
5.3MB
-
Sample
230718-td1q7acf9x
-
MD5
ea25629f3eaf190ab7d1f6d1b1540f2c
-
SHA1
aba0b98a67e9ea8e32243cef25eff02a84cfddbc
-
SHA256
49771de8bcea44c22d54d1eebc9f05ff0d33f66355fbf9dd77e7e891cd062bcc
-
SHA512
8b1469e27827215fff58160666740bf2edb002c8180def2fe58cb87d1606f60d25df29d7efa5e84dbb896deee36861328b8c70496ec8f95257da3337656b61d9
-
SSDEEP
98304:GQD46Y6tyy3zULt7XhliF2t5qLL4xJvQyNIIBdwRxKcH5XMgq2rgAuJIA/v/0cPo:GQD1b8yCpXhlibOFC+do3H5jq2rNYIAa
Static task
static1
Malware Config
Targets
-
-
Target
ea25629f3eaf190ab7d1f6d1b1540f2c.exe
-
Size
5.3MB
-
MD5
ea25629f3eaf190ab7d1f6d1b1540f2c
-
SHA1
aba0b98a67e9ea8e32243cef25eff02a84cfddbc
-
SHA256
49771de8bcea44c22d54d1eebc9f05ff0d33f66355fbf9dd77e7e891cd062bcc
-
SHA512
8b1469e27827215fff58160666740bf2edb002c8180def2fe58cb87d1606f60d25df29d7efa5e84dbb896deee36861328b8c70496ec8f95257da3337656b61d9
-
SSDEEP
98304:GQD46Y6tyy3zULt7XhliF2t5qLL4xJvQyNIIBdwRxKcH5XMgq2rgAuJIA/v/0cPo:GQD1b8yCpXhlibOFC+do3H5jq2rNYIAa
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Blocklisted process makes network request
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-