General
- Target: ff56dee01fd15e801b0d88ba5d317eee
- Size: 2.8MB
- Sample: 231222-vwyvzsfac6
- MD5: ff56dee01fd15e801b0d88ba5d317eee
- SHA1: 81fef87a51a56288e70e182cba68b74d84a270d6
- SHA256: eb17ce0a69d3a77dd79a046674a14cc7830993834b479a6af5cf1afbaeaefcf3
- SHA512: 37bc7095af68d2bb033ac3ab7f338355fb482c51de33862187c1990c517be62a924680bdc9df3e8683fcc4406037bf139ee1eb68d25db4c51f23065dc866c10c
- SSDEEP: 49152:P7ks42wcRDP6wFaFc6NpdOAAfVQUuGWPI8fCDtrrTJ9A7mnoFqpWa3o1U8twN63u:oD2whOX69OAAHu9PI8W21gpWa3o1f+63
Behavioral task
- behavioral1
- Sample: ff56dee01fd15e801b0d88ba5d317eee.exe
- Resource: win7-20231215-en
Malware Config
Extracted
- cryptbot
  - rasrzh25.top
  - morsuq02.top
  - payload_url: http://eloema02.top/download.php?file=lv.exe
Targets
- Target: ff56dee01fd15e801b0d88ba5d317eee
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger