General
-
Target
26d701422ad9fcb12ec3bf5efa2ce6df83e425cfcd61c6c393c4aaad3a46b7cc
-
Size
3.4MB
-
Sample
230730-3a6byabf79
-
MD5
9cc8c2df003851e7a8fd1ffb8386eb5f
-
SHA1
917bf018cd62ddf5dd4f4d1709451901204b90a2
-
SHA256
26d701422ad9fcb12ec3bf5efa2ce6df83e425cfcd61c6c393c4aaad3a46b7cc
-
SHA512
6ea0e39be36c3fd70bdc7367c7a3e2e2f85426f30f7922d8dc53567bc8a068612db4f81714c356bf418240adb8fd845b3715029335bee9692167d60cf151576a
-
SSDEEP
49152:ZCfCy+NPnKB9iN5zR6goQk9O1x5gIhodeeLMTnGdJaoYB+rkB4JtIiMj3q9/Yy:qiKB9GZ+O1xPWeDGdJ/YB+sCM+9/Yy
Static task
static1
Behavioral task
behavioral1
Sample
26d701422ad9fcb12ec3bf5efa2ce6df83e425cfcd61c6c393c4aaad3a46b7cc.exe
Resource
win7-20230712-en
Malware Config
Extracted
laplas
http://185.209.161.89
-
api_key
6a2714906f1325d666e4cf9f6269c2352ccfb7e7f1a23c114287dc69ddf27cb0
Targets
-
-
Target
26d701422ad9fcb12ec3bf5efa2ce6df83e425cfcd61c6c393c4aaad3a46b7cc
-
Size
3.4MB
-
MD5
9cc8c2df003851e7a8fd1ffb8386eb5f
-
SHA1
917bf018cd62ddf5dd4f4d1709451901204b90a2
-
SHA256
26d701422ad9fcb12ec3bf5efa2ce6df83e425cfcd61c6c393c4aaad3a46b7cc
-
SHA512
6ea0e39be36c3fd70bdc7367c7a3e2e2f85426f30f7922d8dc53567bc8a068612db4f81714c356bf418240adb8fd845b3715029335bee9692167d60cf151576a
-
SSDEEP
49152:ZCfCy+NPnKB9iN5zR6goQk9O1x5gIhodeeLMTnGdJaoYB+rkB4JtIiMj3q9/Yy:qiKB9GZ+O1xPWeDGdJ/YB+sCM+9/Yy
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-