General

Target: 626a5e1642d856a65b62dc2dff5b1369fa3bd66b000278db83d2d5d67e8289ed
Size: 4.9MB
Sample: 230720-j8px3aec5w
MD5: f4695fd70f1ed48d7e31f7ba81380059
SHA1: 960a03052f1b240e9f44ea416ff7e65358d8a41a
SHA256: 626a5e1642d856a65b62dc2dff5b1369fa3bd66b000278db83d2d5d67e8289ed
SHA512: 04a5b544869cc408b66e0f2e9e669b6bc5f366bf9acd2f3d792176e8506f8808dd0cef27d7d3b8c52542566529e0dcec2d1fa0467e96f46a9013a663dff2fc59
SSDEEP: 98304:zomYgKWWA1fGjzpSmL7CfDbHsATgXCagCpSP/0aJ67k0w6wdTM:ELgKWfQzDLWTcClCpwyk0w9M

Static task: static1

Malware Config

Extracted
Family: laplas
C2: http://168.100.10.236
api_key: f52a5c9bc5eb2f51b22f04f3e85c301ac0170a650de6044773f0a8309fbdfb79
Targets

Target: 626a5e1642d856a65b62dc2dff5b1369fa3bd66b000278db83d2d5d67e8289ed
Size: 4.9MB
MD5: f4695fd70f1ed48d7e31f7ba81380059
SHA1: 960a03052f1b240e9f44ea416ff7e65358d8a41a
SHA256: 626a5e1642d856a65b62dc2dff5b1369fa3bd66b000278db83d2d5d67e8289ed
SHA512: 04a5b544869cc408b66e0f2e9e669b6bc5f366bf9acd2f3d792176e8506f8808dd0cef27d7d3b8c52542566529e0dcec2d1fa0467e96f46a9013a663dff2fc59
SSDEEP: 98304:zomYgKWWA1fGjzpSmL7CfDbHsATgXCagCpSP/0aJ67k0w6wdTM:ELgKWfQzDLWTcClCpwyk0w9M

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger