General
Target: 6cb68a9436555db343231d87302b29660a80a41a8e0139ad9bd67010efa8d904
Size: 10.0MB
Sample: 230904-c443vsdd7z
MD5: 0b9d2831ef8b3b992ccd927eacda539c
SHA1: 4e2cce21d8b53dad540bc3cf28676436f896a32a
SHA256: 6cb68a9436555db343231d87302b29660a80a41a8e0139ad9bd67010efa8d904
SHA512: 4935866c3961a14904c1b3c6fb9a141d03fa222dd9d9eb5ff1b6d6dbb22099d640454f203d052f6091c987896ba8c3c2cdd560d7c1f8bc1b52ef8f22a6a8326f
SSDEEP: 196608:VoA+3n7KsWEQTUqX8dedyXw2peE+RE7e5pPKGuk9wc5j5VxzOql9axhqBpl34Iyd:uA+3n7WbUqaNoRE7oppukJVxzpl9arqE

Static task: static1
Behavioral task: behavioral1
Sample: 6cb68a9436555db343231d87302b29660a80a41a8e0139ad9bd67010efa8d904.exe
Resource: win7-20230831-en

Malware Config
Extracted family: laplas
C2: http://lpls.tuktuk.ug
api_key: a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger