General
Target: https://cdn.discordapp.com/attachments/1239300375685759150/1241676635103690843/sillyboost_cracked_v1.zip?ex=664e5cbb&is=664d0b3b&hm=5bf1d911da875ecd6b9f171f2c1138070b3983ba2ecb28e0338fcbc37e151e25&
Sample: 240522-a2y3qafa46
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: same URL as the Target listed above
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: same URL as the Target listed above
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.