General
-
Target
6c409b3b0df0aa505ee678977b9af11b28a4456ca73c6fa99be6b30d31849dac
-
Size
6.2MB
-
Sample
230729-ffqr4sah92
-
MD5
c1bdc48d24699fd1d43938a3f32fa7fd
-
SHA1
08bdc9543146ea0f16d32237cca2c4446f9b3a80
-
SHA256
6c409b3b0df0aa505ee678977b9af11b28a4456ca73c6fa99be6b30d31849dac
-
SHA512
80bf4c3c2f8face2432d0ebee8ae0982efc2e576dd5f0898fdff434927a6ad6079c793e5cd75835e4cfbd9f1ad831882c625e1df89893c69488a469f5e81eecf
-
SSDEEP
196608:OgvS7Syd4AnGKG3ZWQm1f6c2kjWNM69UWr:Pa7HFnGhkd1f6c2kjR6+Wr
Static task
static1
Behavioral task
behavioral1
Sample
6c409b3b0df0aa505ee678977b9af11b28a4456ca73c6fa99be6b30d31849dac.exe
Resource
win7-20230712-en
Malware Config
Extracted
laplas
http://185.209.161.89
-
api_key
6a2714906f1325d666e4cf9f6269c2352ccfb7e7f1a23c114287dc69ddf27cb0
Targets
-
Target
6c409b3b0df0aa505ee678977b9af11b28a4456ca73c6fa99be6b30d31849dac
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger