General
Target: b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2
Size: 4.1MB
Sample: 230730-pbgs3shb33
MD5: b30e29bccabab032c27910210d9ccf76
SHA1: caa3927738b66c3ecc553943eabedcbbfbe4c0da
SHA256: b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2
SHA512: ce8348d0547de624b1bf19804c87b1e0379d29c5fe585d0ac602f51dd1bab90649654b87ebd236eef593829757d182ae16facbd5c2710bfecc87837c63a495a8
SSDEEP: 98304:BTq01m8gyX4fG9VNFJgAvUvc7uqBbDKxh4vU:BG0tgyoelMv+FAhwU
Static task: static1

Malware Config
Extracted: laplas
http://lpls.tuktuk.ug
api_key: a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger