General
- Target: ed2016e5a142c6f2e535b09d5484444c
- Size: 2.7MB
- Sample: 231222-ttwgeahde3
- MD5: ed2016e5a142c6f2e535b09d5484444c
- SHA1: 1d407332bf5e38c390b262420720498c3094793b
- SHA256: fab26cf1ace3f730e2dc4016f5b0d9e5937ad5d1c38220d824324347508ac2a0
- SHA512: c4c25b376db0a819480b120e49e600647bd80697fb141a69e7a2062347a7d0a1d540cde3aadc3933a2912c2fccf34506b8e89c81c1e8aa86f4e06b43348a15a0
- SSDEEP: 49152:dn5RSbTUZiZNZwAEl8doRpBPATwbPC1W7kq3jIsEQirxPGL4YR:dUFeAwbK1WgqUsl6aR

Behavioral task
- behavioral1
  - Sample: ed2016e5a142c6f2e535b09d5484444c.exe
  - Resource: win7-20231215-en

Malware Config
- Extracted: cryptbot
  - rasbrq34.top
  - moryei03.top

Targets
- Target: ed2016e5a142c6f2e535b09d5484444c (2.7MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
  - Suspicious use of NtSetInformationThreadHideFromDebugger