General
- Target: tsd-setup.exe
- Size: 29.3MB
- Sample: 230919-y1c1vsbh3v
- MD5: d37ce788cb61d7e0aa636b12f5cab302
- SHA1: 1dd729a656b504ef76acecfa150a995e7e7db47c
- SHA256: ca1ded6542eef8263d083f20ab9531ce9c47309f386e5cde44e8e38797abd40b
- SHA512: a320c0988d8bf0498af780e65730dc7712b93463f2f4f3b68a66bc215a1678b72bb5736430dbf3ea3a355922fc14e4ced5056634c8a0bc6ab965fe56889d0277
- SSDEEP: 786432:4Pf4jnS+Df2AoORtCnSZuvUpCV18JZzrilvSwK+PbJrgRG:4Ijnx8OfWwy1mZz+l1KeRgk
Static task: static1
Malware Config
Targets
- Banload: Banload variants download malicious files, then install and execute the files.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Deletes itself