Resubmissions
21-09-2024 16:31
240921-t1qvhasdmk 612-08-2024 10:22
240812-mebp5awhkn 625-07-2024 11:21
240725-nge11ayeqg 713-07-2024 10:18
240713-mcdfyaxajp 911-07-2024 20:03
240711-ysrjaa1hnj 708-06-2024 18:41
240608-xb31baee6w 325-05-2024 19:34
240525-yaastaff2v 823-05-2024 17:58
240523-wj9mdsbb2y 9General
-
Target
AutoIt-Extractor-net40-x64.exe
-
Size
1.2MB
-
Sample
240523-wj9mdsbb2y
-
MD5
205792ce0da5273baffa6aa5b87d3a88
-
SHA1
50439afe5c2bd328f68206d06d6c31190b3946c6
-
SHA256
d82d49e9ad153ef84670c1d0bde5f36b540d32fa037cca6127ce9e4e366b7403
-
SHA512
186f2fac650ee02683c689b0c04867a30330a5475475b106a2aaaedc5e2fa3c9325cf07a2c5321044f5aed1502d729d1d9537ac57bf7733cc228c44ceaba7821
-
SSDEEP
24576:pcdWeAKpCklFpaQ3vGvW68WxOFxT6YP7KPU48YNL8SsbJDeAKpCZG:QFAcdFpa068WxOFxT6YP7KPU48YNVsbu
Static task
static1
Malware Config
Targets
-
-
Target
AutoIt-Extractor-net40-x64.exe
-
Size
1.2MB
-
MD5
205792ce0da5273baffa6aa5b87d3a88
-
SHA1
50439afe5c2bd328f68206d06d6c31190b3946c6
-
SHA256
d82d49e9ad153ef84670c1d0bde5f36b540d32fa037cca6127ce9e4e366b7403
-
SHA512
186f2fac650ee02683c689b0c04867a30330a5475475b106a2aaaedc5e2fa3c9325cf07a2c5321044f5aed1502d729d1d9537ac57bf7733cc228c44ceaba7821
-
SSDEEP
24576:pcdWeAKpCklFpaQ3vGvW68WxOFxT6YP7KPU48YNL8SsbJDeAKpCZG:QFAcdFpa068WxOFxT6YP7KPU48YNVsbu
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-