General
-
Target
Lang[1].bin.exe
-
Size
3.9MB
-
Sample
230721-qrtcgsfd2y
-
MD5
2aa0fe002aeee888c33dbb6864580e6c
-
SHA1
e10a14cede8f2e48ccd6fb5111583fcf5156030a
-
SHA256
e522454c7fb915cb65e42e67ea9890df5ead1356053e563c43a1603f669c6fa2
-
SHA512
0598092827b729fa9720f4fbd61087323fce6fb7318fb286784fcc125c5e64d69a0d9cdb57ee11ca0f7474dffd17b7af647ef71affafdb0fc608b705bd66d1fd
-
SSDEEP
98304:LdD7hTCd16KI1cqLrUmolDD/0z+lzZQ57j:LJ7F4wcYUdRzI7j
Static task
static1
Behavioral task
behavioral1
Sample
Lang[1].bin.exe
Resource
win7-20230712-en
Malware Config
Extracted
laplas
http://185.209.161.89
-
api_key
6a2714906f1325d666e4cf9f6269c2352ccfb7e7f1a23c114287dc69ddf27cb0
Targets
-
-
Target
Lang[1].bin.exe
-
Size
3.9MB
-
MD5
2aa0fe002aeee888c33dbb6864580e6c
-
SHA1
e10a14cede8f2e48ccd6fb5111583fcf5156030a
-
SHA256
e522454c7fb915cb65e42e67ea9890df5ead1356053e563c43a1603f669c6fa2
-
SHA512
0598092827b729fa9720f4fbd61087323fce6fb7318fb286784fcc125c5e64d69a0d9cdb57ee11ca0f7474dffd17b7af647ef71affafdb0fc608b705bd66d1fd
-
SSDEEP
98304:LdD7hTCd16KI1cqLrUmolDD/0z+lzZQ57j:LJ7F4wcYUdRzI7j
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-