General
- Target: beef5daf51dadc2acdbccc37a73ccfec
- Size: 3.6MB
- Sample: 240310-snf9vsfb59
- MD5: beef5daf51dadc2acdbccc37a73ccfec
- SHA1: 1a49019a42f0a195828bf2a5e7b41013709cc8c9
- SHA256: 91eab57eaf00089ffd21329eb93e072c8eb7ed79e37c807f6db2859548c8b5d8
- SHA512: f6021d968f28a2dbf25e58c0bd9b474662de542b9cdf9dc3454bc97ee30e23aa2bd754c455e6fc973f7cf4ead9ca5c9f186e0cb3f9f6dec1e2f9aa3b31f64580
- SSDEEP: 98304:qbkDpLr5n9Ov7NCnsAAS7QG0owscxF7ZLN:q2pA7NksAASUqwsOLN

Behavioral task
- behavioral1
- Sample: beef5daf51dadc2acdbccc37a73ccfec.exe
- Resource: win7-20240215-en

Malware Config

Targets
- Target: beef5daf51dadc2acdbccc37a73ccfec
- Size: 3.6MB
- MD5: beef5daf51dadc2acdbccc37a73ccfec
- SHA1: 1a49019a42f0a195828bf2a5e7b41013709cc8c9
- SHA256: 91eab57eaf00089ffd21329eb93e072c8eb7ed79e37c807f6db2859548c8b5d8
- SHA512: f6021d968f28a2dbf25e58c0bd9b474662de542b9cdf9dc3454bc97ee30e23aa2bd754c455e6fc973f7cf4ead9ca5c9f186e0cb3f9f6dec1e2f9aa3b31f64580
- SSDEEP: 98304:qbkDpLr5n9Ov7NCnsAAS7QG0owscxF7ZLN:q2pA7NksAASUqwsOLN
- StormKitty payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger