General
Target: 18658dec7775fa53f081b892d6a2b027.bin
Size: 3.1MB
Sample: 230727-bcxn2ahd6w
MD5: 6fcbbba89adf250c7cd231f5896f16cc
SHA1: 83c7ebf0c303dc3435fe12d89bf07c512e02263f
SHA256: 7e8bcb5a4cf982060f3f7fbb291e672849267ef3004034f739e18a2c5c90ae53
SHA512: 7ee5f72b78bf2df8b498a5c8f9e67adea0f8253fda3aacc0f560cce46e222ba20b6119f18c4d8523942b267d4e0152713285d3dc5d39623b4ec983f209da2984
SSDEEP: 49152:3Rwbb9o64lZQBDbegiMjrXvFNzJY0TYW3irI2w083fFlx3nMHNaD2zeCHQSE0sqP:4C64rQBOIfXvlcafPynLX9sqP
Static task: static1
Behavioral task: behavioral1
Sample: 17ca2de661fa07dd83a55a5005c61eb8aee1e9cab56e9a13bc36a27f4b785554.exe
Resource: win7-20230712-en
Malware Config
Extracted: laplas
http://lpls.tuktuk.ug
api_key: a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde
Targets
Target: 17ca2de661fa07dd83a55a5005c61eb8aee1e9cab56e9a13bc36a27f4b785554.exe
Size: 3.1MB
MD5: 18658dec7775fa53f081b892d6a2b027
SHA1: fa8d901c7aac70e2c37544883ce087e48c6302d1
SHA256: 17ca2de661fa07dd83a55a5005c61eb8aee1e9cab56e9a13bc36a27f4b785554
SHA512: cae5c6041b22b507ce66cb3b6509ff692b359748791aa93e006e1a700ff3cd439314823d070ff869ca4aac8fb8c2ac41d8de134bd1802693833b6cec7464f56d
SSDEEP: 98304:F28fuEzm1Q1n5oIVb0cCU/8j+okSprZHm87mv2B9:swm1o5pF4U/UhkSprZHJT
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger