General
- Target: TelegramExpert.exe
- Size: 17.4MB
- Sample: 240522-pc7qwshd65
- MD5: 99974195d2ace89ba50ccb692cd74cae
- SHA1: b54132da35de58c4bb6502de0b86167a8bec2b05
- SHA256: f7e5c0accdfa631517ebc1001a3211e4b07f72743f6ea2129cb880513331814d
- SHA512: d6cf9aa60df3d9ed9c1631950abf93f00fe8bd46a81cf5645101bda76ce241eadb48ee995862f6d3855443e47c7ba6e35c72b0b41a803a05d5516a90ef125106
- SSDEEP: 393216:wzUxz5fJadpnKckVODi91Heim0L5UdSWIp9K58k9DHJEyhcMECAdvL++mxrL4xga:EsfJ0xKc0ODa1+izUdSWu9KSWHpcMEC0
Malware Config
Targets
- Target: TelegramExpert.exe, 17.4MB (hashes as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger