General
-
Target
6393577eccbb54f677ff7dd65c984807
-
Size
3.0MB
-
Sample
240117-zncp1afab8
-
MD5
6393577eccbb54f677ff7dd65c984807
-
SHA1
5020ec827081c486c32af374473d96ce5f4f30de
-
SHA256
fb7f48daa45730568caa82cfa74c3c3a16130d2428ccef71eb266daa4146efde
-
SHA512
81e6e3b90072454e6497e1622b6d43371ca3c43cb5a073364b9f9db1c85866b1b9614f56c0b5c970b456cba7ffd0a7e8ce490649ec189c52d234b5e7e68a6d28
-
SSDEEP
49152:hU6pv81VrL49dOdL4hE+oQ2OkCe2OtIcm+H2w6JFqtEI8X3nUywRve:C6pJ9dO6hhofOkCCycm+WRJFnlNI
Behavioral task
behavioral1
Sample
6393577eccbb54f677ff7dd65c984807.exe
Resource
win7-20231129-en
Malware Config
Extracted
cryptbot
fokfgl36.top
mortbo03.top
-
payload_url
http://nybaer04.top/download.php?file=lv.exe
Targets
-
-
Target
6393577eccbb54f677ff7dd65c984807
-
Size
3.0MB
-
MD5
6393577eccbb54f677ff7dd65c984807
-
SHA1
5020ec827081c486c32af374473d96ce5f4f30de
-
SHA256
fb7f48daa45730568caa82cfa74c3c3a16130d2428ccef71eb266daa4146efde
-
SHA512
81e6e3b90072454e6497e1622b6d43371ca3c43cb5a073364b9f9db1c85866b1b9614f56c0b5c970b456cba7ffd0a7e8ce490649ec189c52d234b5e7e68a6d28
-
SSDEEP
49152:hU6pv81VrL49dOdL4hE+oQ2OkCe2OtIcm+H2w6JFqtEI8X3nUywRve:C6pJ9dO6hhofOkCCycm+WRJFnlNI
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-