General
-
Target
4f7f72d5fa0dbdd886de53c3e9bc01cd76bbb94d8d3b0d1deba3eb56d84f1ea4
-
Size
4.6MB
-
Sample
230720-d6cxtsda8z
-
MD5
44e4af2a42e0709726bc55c48755b6c6
-
SHA1
f30667ab145f876ed67f3568771c9f44cbb075c8
-
SHA256
4f7f72d5fa0dbdd886de53c3e9bc01cd76bbb94d8d3b0d1deba3eb56d84f1ea4
-
SHA512
ce98088c7ef0c6ba4e0d0acade13eca5d7dfbfea572c805bc28b26c5cb86889b0d19fdd0e194dd80398c1a4734c201045d63b406bf102f9ff10b94bef8929844
-
SSDEEP
98304:N5QHGBGgZ9TeexEgENstZK0ZqjFOrbKSNm0rkR2U1PZGP0AeZ3o20SlC4W6+EhAG:NO8DZ9TePgEwPZ+OHHrLU1xI0AeZ4ClR
Static task
static1
Behavioral task
behavioral1
Sample
4f7f72d5fa0dbdd886de53c3e9bc01cd76bbb94d8d3b0d1deba3eb56d84f1ea4.exe
Resource
win7-20230712-en
Malware Config
Extracted
laplas
http://lpls.tuktuk.ug
-
api_key
a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde
Targets
-
-
Target
4f7f72d5fa0dbdd886de53c3e9bc01cd76bbb94d8d3b0d1deba3eb56d84f1ea4
-
Size
4.6MB
-
MD5
44e4af2a42e0709726bc55c48755b6c6
-
SHA1
f30667ab145f876ed67f3568771c9f44cbb075c8
-
SHA256
4f7f72d5fa0dbdd886de53c3e9bc01cd76bbb94d8d3b0d1deba3eb56d84f1ea4
-
SHA512
ce98088c7ef0c6ba4e0d0acade13eca5d7dfbfea572c805bc28b26c5cb86889b0d19fdd0e194dd80398c1a4734c201045d63b406bf102f9ff10b94bef8929844
-
SSDEEP
98304:N5QHGBGgZ9TeexEgENstZK0ZqjFOrbKSNm0rkR2U1PZGP0AeZ3o20SlC4W6+EhAG:NO8DZ9TePgEwPZ+OHHrLU1xI0AeZ4ClR
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-