General
Target: f4695fd70f1ed48d7e31f7ba81380059.exe
Size: 4.9MB
Sample: 230720-j29nwsec21
MD5: f4695fd70f1ed48d7e31f7ba81380059
SHA1: 960a03052f1b240e9f44ea416ff7e65358d8a41a
SHA256: 626a5e1642d856a65b62dc2dff5b1369fa3bd66b000278db83d2d5d67e8289ed
SHA512: 04a5b544869cc408b66e0f2e9e669b6bc5f366bf9acd2f3d792176e8506f8808dd0cef27d7d3b8c52542566529e0dcec2d1fa0467e96f46a9013a663dff2fc59
SSDEEP: 98304:zomYgKWWA1fGjzpSmL7CfDbHsATgXCagCpSP/0aJ67k0w6wdTM:ELgKWfQzDLWTcClCpwyk0w9M

Static task: static1
Behavioral task: behavioral1
Sample: f4695fd70f1ed48d7e31f7ba81380059.exe
Resource: win7-20230712-en

Malware Config
Extracted: laplas
  http://168.100.10.236
  api_key: f52a5c9bc5eb2f51b22f04f3e85c301ac0170a650de6044773f0a8309fbdfb79

Targets
Target: f4695fd70f1ed48d7e31f7ba81380059.exe
Size: 4.9MB
MD5: f4695fd70f1ed48d7e31f7ba81380059
SHA1: 960a03052f1b240e9f44ea416ff7e65358d8a41a
SHA256: 626a5e1642d856a65b62dc2dff5b1369fa3bd66b000278db83d2d5d67e8289ed
SHA512: 04a5b544869cc408b66e0f2e9e669b6bc5f366bf9acd2f3d792176e8506f8808dd0cef27d7d3b8c52542566529e0dcec2d1fa0467e96f46a9013a663dff2fc59
SSDEEP: 98304:zomYgKWWA1fGjzpSmL7CfDbHsATgXCagCpSP/0aJ67k0w6wdTM:ELgKWfQzDLWTcClCpwyk0w9M

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger