General
- Target: 17ca2de661fa07dd83a55a5005c61eb8aee1e9cab56e9a13bc36a27f4b785554
- Size: 3.1MB
- Sample: 230725-pterfadb6v
- MD5: 18658dec7775fa53f081b892d6a2b027
- SHA1: fa8d901c7aac70e2c37544883ce087e48c6302d1
- SHA256: 17ca2de661fa07dd83a55a5005c61eb8aee1e9cab56e9a13bc36a27f4b785554
- SHA512: cae5c6041b22b507ce66cb3b6509ff692b359748791aa93e006e1a700ff3cd439314823d070ff869ca4aac8fb8c2ac41d8de134bd1802693833b6cec7464f56d
- SSDEEP: 98304:F28fuEzm1Q1n5oIVb0cCU/8j+okSprZHm87mv2B9:swm1o5pF4U/UhkSprZHJT
Static task: static1
Malware Config
Extracted: laplas
- http://lpls.tuktuk.ug
- api_key: a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde
Targets
- Target: 17ca2de661fa07dd83a55a5005c61eb8aee1e9cab56e9a13bc36a27f4b785554
- Size: 3.1MB
- MD5: 18658dec7775fa53f081b892d6a2b027
- SHA1: fa8d901c7aac70e2c37544883ce087e48c6302d1
- SHA256: 17ca2de661fa07dd83a55a5005c61eb8aee1e9cab56e9a13bc36a27f4b785554
- SHA512: cae5c6041b22b507ce66cb3b6509ff692b359748791aa93e006e1a700ff3cd439314823d070ff869ca4aac8fb8c2ac41d8de134bd1802693833b6cec7464f56d
- SSDEEP: 98304:F28fuEzm1Q1n5oIVb0cCU/8j+okSprZHm87mv2B9:swm1o5pF4U/UhkSprZHJT
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger