General

Target: d666cd8c7f42cac1deb6f454fafdb554
Size: 3.0MB
Sample: 231222-sn9w6safd7
MD5: d666cd8c7f42cac1deb6f454fafdb554
SHA1: 316c62d28993c34c73116ea45df2f3a6fae409ba
SHA256: 395ca42195bb7e32851fdbb30ff6386f3f89a590a491333d8c77f7a3c11b7a41
SHA512: 62ee47f255257e3608c8c21cfd13c2debc19056cc2aee163538b6b4317a08dbeba8bd40eda1ec7e07372a19f5404a1b084af603cb2afdf75edbbc2646202047d
SSDEEP: 98304:KUyCvKnx68W2l1vcwrfczCVXU2KAxZ25zYBi8:KUkx68dlnCCHZq78
Behavioral task

behavioral1
Sample: d666cd8c7f42cac1deb6f454fafdb554.exe
Resource: win7-20231215-en
Malware Config

Extracted
Family: cryptbot
Domains:
- fokjzu65.top
- morhaq06.top
payload_url: http://nybloc09.top/download.php?file=lv.exe
Targets

Target: d666cd8c7f42cac1deb6f454fafdb554
Size: 3.0MB (hashes identical to the General section above)
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger