General
- Target: archive-230524-03_05_07.rar
- Size: 4.2MB
- Sample: 240523-tdd77age44
- MD5: f3965220eb515fe52178c7ba8c0f00a8
- SHA1: a4da50806ca5e54526d5a36b47dd2e83ced75f94
- SHA256: 75aa10907161f15e36c85c79949a60e24c474a7843fd9897bda91fa2aed21204
- SHA512: 55772f123f952345178dcc89b009e8e74f8dc6148c17f53df65e16281165ca67aa68309089e57e8e305957f1a646e8133833a8d2cef083863ff578751820e3c7
- SSDEEP: 98304:0KiJFHzp+mkiQEgLmGAxcyrgyIkDUc6Bzr01aR5r:0KiHzQz5JSpjEyIPc9Y/r
Malware Config

Targets
- Target: setup.exe
- Size: 770.0MB
- MD5: 9c02820ad89ac844fe771f9f571497d5
- SHA1: 635e4317e97fce54d14e59c8e6e3da146c6f8f8d
- SHA256: 01141bf3fcaad427b21817be74c025d3b3e73866642e7e37a0080331a1808227
- SHA512: 241e29da0c44999f3c6b9667b9552b5b7e56dd079133ea42009643dd3c735e9658df7d3aa5e6a60813aa1f4ffbf0add3be42f1d3c9bc70f30a92a80e5d22a6b0
- SSDEEP: 49152:LELQqnFZggkFi7jZc8xVNUhfelFDDHLQb+hOpzspFmHTXW6xnaTMS5gpQFRufJNz:LVgkF4c8KGrfUKhaWm7CTcBqSGG8

- Modifies firewall policy service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger