General
-
Target
JC_589b49a8e56beb55dcdacec0cdc3e04949eaa678df53d720ba940c7193130344
-
Size
3.5MB
-
Sample
230902-nc91ksce69
-
MD5
062fe47e8efc9041880ed273eda7c8f3
-
SHA1
b77fffa5fce64689758a7180477ffa25bd62f509
-
SHA256
589b49a8e56beb55dcdacec0cdc3e04949eaa678df53d720ba940c7193130344
-
SHA512
67a4536375b34d77b3e61314ab5a6ffbbab11ff5bc4e2dd62c4b141f2b8727aef93438fd0ac74a60b55da92d54e40ee2868a9cacb2e80a60061d324940f5cb80
-
SSDEEP
98304:Qs1IP7M+tBbnp5KsWEjGnT6iWB7cXWvdeMl+0WyC6oxgfMapH:VoA+3n7KsWEQTUqX8dedyXw2pH
Static task
static1
Behavioral task
behavioral1
Sample
JC_589b49a8e56beb55dcdacec0cdc3e04949eaa678df53d720ba940c7193130344.exe
Resource
win7-20230831-en
Malware Config
Extracted
laplas
http://lpls.tuktuk.ug
-
api_key
a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde
Targets
-
-
Target
JC_589b49a8e56beb55dcdacec0cdc3e04949eaa678df53d720ba940c7193130344
-
Size
3.5MB
-
MD5
062fe47e8efc9041880ed273eda7c8f3
-
SHA1
b77fffa5fce64689758a7180477ffa25bd62f509
-
SHA256
589b49a8e56beb55dcdacec0cdc3e04949eaa678df53d720ba940c7193130344
-
SHA512
67a4536375b34d77b3e61314ab5a6ffbbab11ff5bc4e2dd62c4b141f2b8727aef93438fd0ac74a60b55da92d54e40ee2868a9cacb2e80a60061d324940f5cb80
-
SSDEEP
98304:Qs1IP7M+tBbnp5KsWEjGnT6iWB7cXWvdeMl+0WyC6oxgfMapH:VoA+3n7KsWEQTUqX8dedyXw2pH
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-