General
Target: 16538940581.zip
Size: 2.8MB
Sample: 240411-lns54aca3v
MD5: c1f30b4b7d6bbe16114f25cbe0cd6f70
SHA1: f147d7ba0e96f0ce017a1df3765ec2ffbf425413
SHA256: 45367cfab92f1625bb5974d317f71bdf016a3c670e6e2745ebc17f9931d1a91c
SHA512: 07866d5d3ce7e9714975c8287a9e328c2091e0de4aa338c33c507503a007ee905c553d1aa5bb0a7b27df6f55b45f7e10d45e8cd87f011c9aea212bae2dedd913
SSDEEP: 49152:/VDvVaYhOtJ+LMv1U1sPkC/ZkspXYjTdVtYoRooy4pLIdEkqmX4ZSLyyZguIS:JvThZGEGBHYjxX5pFJay3U

Behavioral task: behavioral1
Sample: e61ec7adeb1d91fe2236061982b3a70f16f0769a300cd6bcba757effcf240520.exe
Resource: win7-20240221-en

Malware Config

Targets
Target: e61ec7adeb1d91fe2236061982b3a70f16f0769a300cd6bcba757effcf240520
Size: 5.1MB
MD5: 60565980895a9d571d92b819b105b48b
SHA1: 1bcba90b236aa8d8af9a2cb39fce16d7ad028ba4
SHA256: e61ec7adeb1d91fe2236061982b3a70f16f0769a300cd6bcba757effcf240520
SHA512: aaf54a82630cb17aa49fa69dc46c1d8eaf1f1a3aff9a85fc2a630277b1125356b89cc08d2f471499e97d16c93d3f7dadc72f6f6bc2e472049a047c49b066325e
SSDEEP: 98304:AKcdA7s4OiZrq1DfPHNADtV6v+zKK5buBg7q7l/7+2q:AS7s4O7NADtV6v+3JYMm/q
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  A VirtualBox guest exposes VBOX__ ACPI table names under HKLM\HARDWARE\ACPI; reading them is a common virtual-machine check.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
  Writing into System32 normally requires administrative privileges.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Setting ThreadHideFromDebugger on a thread stops debug events from that thread being delivered to an attached debugger, a common anti-debugging technique.
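The signatures above are the kind of behaviours a detection engineer wants to recover from a raw process trace, not only from the sandbox's verdict. The following is an added example (not code from the sandbox vendor and not derived from this sample's run) that classifies events from a constructed trace into the signatures listed in this report. The (event_type, detail) event shape, the registry paths used as indicators, the file and API patterns and the list of IP-lookup hosts are all assumptions made for the example.

```python
"""Classify events from a process trace into the behaviours a sandbox report names.

Added example for this page; it is not code from the sandbox vendor and the
trace below is constructed, not taken from the analysed sample. Event shapes
(event_type, detail), the registry paths used as indicators and the list of
IP-lookup hosts are assumptions made for the example.
"""
import re

# One rule per report signature: (signature text, event type it applies to, pattern).
# Registry paths are the well-known locations read by these checks: a VirtualBox
# guest exposes VBOX__ tables under HKLM\HARDWARE\ACPI, BIOS strings live under
# HKLM\HARDWARE\DESCRIPTION\System, and the configured country code is
# HKCU\Control Panel\International\Geo\Nation.
RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", "regquery",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry", "regquery",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)Bios(Version|Date)$", re.I)),
    ("Checks computer location settings", "regquery",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Looks up external IP address via web service", "dns",
     # assumed list of public IP-echo services; extend to taste
     re.compile(r"^(api\.ipify\.org|icanhazip\.com|ip-api\.com|ipinfo\.io)$", re.I)),
    ("Drops file in System32 directory", "filewrite",
     re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", "api",
     re.compile(r"^NtSetInformationThread\(.*ThreadHideFromDebugger", re.I)),
]

# Constructed trace in (event_type, detail) form, loosely modelled on Sysmon and
# API-monitor output. Not from the real run.
SAMPLE_TRACE = [
    ("regquery", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    ("regquery", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    ("regquery", r"HKCU\Control Panel\International\Geo\Nation"),
    ("dns", "api.ipify.org"),
    ("filewrite", r"C:\Windows\System32\dropped.dll"),
    ("api", "NtSetInformationThread(hThread=0x1a4, ThreadHideFromDebugger)"),
    ("regquery", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
]


def classify(trace):
    """Return {signature: [matching event details]} for the signatures that fired."""
    hits = {}
    for event_type, detail in trace:
        for name, rule_type, pattern in RULES:
            if event_type == rule_type and pattern.search(detail):
                hits.setdefault(name, []).append(detail)
    return hits


def unmatched(trace):
    """Events no rule explains; worth reviewing by hand (e.g. persistence keys)."""
    return [(t, d) for t, d in trace
            if not any(t == rt and p.search(d) for _, rt, p in RULES)]


def anti_analysis_hits(hits):
    """Subset of fired signatures that are evasion rather than reconnaissance."""
    evasion_markers = ("anti-VM", "BIOS", "HideFromDebugger")
    return sorted(n for n in hits if any(k in n for k in evasion_markers))


if __name__ == "__main__":
    fired = classify(SAMPLE_TRACE)
    for name, details in fired.items():
        print(f"[+] {name}")
        for d in details:
            print(f"      {d}")
    print("[?] unexplained:", unmatched(SAMPLE_TRACE))
    print("[!] evasion signatures:", anti_analysis_hits(fired))
```

The unmatched list is the useful output in practice: a registry read of a Run key, as in the constructed trace, is not covered by any of the report's signatures and would otherwise go unnoticed, so the rule set should be treated as a starting point rather than a complete description of what the sample does.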