General
Target: wow.zip
Size: 972KB
Sample: 240523-yldnvaea7y
MD5: f239e87b9e9c0528d3da6cd9cc97070e
SHA1: 34ea694decfa1c940d622e5a6d35639a5fca13ad
SHA256: 9f79190d363143b27efacf27d67a35f4f8ea781df79cdfa15fb1bde1a67641ca
SHA512: 208435b399cc98ace42692211f6db3a6449103fe24c479b24c9516ad58e4767d7508214231ee49930f0327361f29e3d55b12841a15a7e8bdd10085f161047c9b
SSDEEP: 24576:WBX4kPfUKOTlOHsSPbuBKJ5YqYXmWVIoNNU5ymDi:WBoe8ksSSKJKqcmQIoNWymO

Static task: static1
Behavioral task: behavioral1
Sample: Todoist-win32-9.3.2.exe
Resource: win11-20240508-en

Malware Config

Targets
Target: Todoist-win32-9.3.2.exe
Size: 2.8MB
MD5: 6756a24daf9628e691994def1e2ab195
SHA1: 961a6658d2e6ddb0ba6cb2a489bcb692c93d4f85
SHA256: 763f0e6d7e6700217888a98ef01e2e085ed81226e565b8b738ee4a2b48e9bdf1
SHA512: 2683d573bcb29aa85e8c9f94df1a05901e234862f998d1db3f0ac40c1c97d465900cf9fb9f4272792b6319c4f6b516494b4fd8ac54671de560dd4b8eab3507dc
SSDEEP: 24576:br4DpEFVbZL+N+coB8SBrCqJ6lPhgHxoeovCiaIhGGPThuaIvufnXfmeT3:n4DpwVbZL+ZoqSf6lPCoeovGGPw985T3

- Banload
  Banload variants download malicious files, then install and execute the files.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext