General
Target: 2aa0fe002aeee888c33dbb6864580e6c.bin
Size: 3.8MB
Sample: 230723-blbg6ach47
MD5: e6d5df45cc3f84cad9380ce6a0a5946d
SHA1: 3e0a63913ae11898020b6da1bdc035a8898852a5
SHA256: 674c8d94cf9924732c53502672cd3dfcc3173f1c073e2f355eed447751abf286
SHA512: b21c3f26f4c40413d05e436d4f5f8ef178c7f210b03c885c7c5e89ab21c65568d09b782cf5e5ef2fadf10aad35bbb549eef8efeb6faacbe5c9d8b8d77bb26dd9
SSDEEP: 98304:cTJyxZDMLJy5sMu2CPZ9tYBzmCgXg1ubxl5DB9dZd+iV0T:aiVMVy5sNZ9tZCgzlLLV0T
Static task: static1
Behavioral task: behavioral1
Sample: e522454c7fb915cb65e42e67ea9890df5ead1356053e563c43a1603f669c6fa2.exe
Resource: win7-20230712-en
Malware Config
Extracted: laplas
http://185.209.161.89
api_key: 6a2714906f1325d666e4cf9f6269c2352ccfb7e7f1a23c114287dc69ddf27cb0
Targets
Target: e522454c7fb915cb65e42e67ea9890df5ead1356053e563c43a1603f669c6fa2.exe
Size: 3.9MB
MD5: 2aa0fe002aeee888c33dbb6864580e6c
SHA1: e10a14cede8f2e48ccd6fb5111583fcf5156030a
SHA256: e522454c7fb915cb65e42e67ea9890df5ead1356053e563c43a1603f669c6fa2
SHA512: 0598092827b729fa9720f4fbd61087323fce6fb7318fb286784fcc125c5e64d69a0d9cdb57ee11ca0f7474dffd17b7af647ef71affafdb0fc608b705bd66d1fd
SSDEEP: 98304:LdD7hTCd16KI1cqLrUmolDD/0z+lzZQ57j:LJ7F4wcYUdRzI7j
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger