General

Target: Account_Generators_PACK.rar.html
Size: 18KB
Sample: 240608-25exsshg2x
MD5: 6c6540baafaf292ff0cdebea8cd77cb7
SHA1: a6ad4bd434d0b40ffc30340600423a8663bdc7e7
SHA256: 9ec72f171a616f2dcd2d42ab10444087abd654ab00d0ac553d8dc850de767e5c
SHA512: e3f1a2efa8cae79209067a89d2fdb605c31d51e3e1f5880b66f46ad943faaad0d63ab7229b6411ede871b0249514a724abd723460e445b06de8624f89764b584
SSDEEP: 384:KoJylIn7xpYwuu504YueHYVDRzhU3E8+UUKIz40qovP863M+J:KoJCIn7XY20tSDRzh4E8+UUKIz40qovz
Static task: static1
Behavioral task: behavioral1
Sample: Account_Generators_PACK.rar.html
Resource: win11-20240508-en
Malware Config

Targets

Target: Account_Generators_PACK.rar.html
Size: 18KB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
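The list above gives only signature names; the report does not show which registry keys, command lines or files triggered them. The following is an added example (not the sandbox's rule set and not data from this report) of how an analyst can re-derive most of these signatures from a stream of sandbox events: constructed event records that mirror the behaviours listed, a regex mapping from each signature name to an observable (the VirtualBox ACPI keys, the BIOS registry values, the Run key, and so on, which are the usual locations these checks hit and are this example's assumption rather than values observed in this sample), and a parser that pulls the actual Defender exclusions out of an Add-MpPreference / Set-MpPreference command line, including the -EncodedCommand form that a plain substring match on "Add-MpPreference" would miss. Event types, field layout and the sample events are all made up for the example.

```python
"""Re-derive the behaviour signatures listed above from sandbox events.

Added example, not part of the report or of the sandbox vendor's rules. The
registry paths and rule logic are this example's own mapping of each
signature name to an observable; the events are constructed, not captured.
"""
import base64
import re
from collections import defaultdict

# Constructed events (event_type, detail); not taken from the report's log.
_ENCODED = base64.b64encode(
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public\\Downloads"'.encode("utf-16-le")
).decode()

SAMPLE_EVENTS = [
    ("reg_query", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    ("reg_query", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    ("reg_query", r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"),
    ("process", 'powershell.exe -NoProfile -Command "Add-MpPreference '
                '-ExclusionPath C:\\Users\\Public -ExclusionExtension exe,dll '
                '-ExclusionProcess loader.exe"'),
    ("process", f"powershell.exe -enc {_ENCODED}"),  # same intent, base64-wrapped
    ("reg_set", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater = C:\Users\Public\updater.exe"),
    ("file_write", r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk"),
    ("file_write", r"C:\Users\Public\desktop.ini"),
    ("api", "NtSetInformationThread(ThreadHideFromDebugger)"),
    ("process", r"notepad.exe C:\Users\Public\readme.txt"),  # benign control
]

_ENC_RE = re.compile(r"-(?:EncodedCommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.I)
_MPPREF_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.I)
_EXCL_RE = re.compile(
    r"-Exclusion(Path|Extension|Process)\s+(?:\"([^\"]+)\"|'([^']+)'|([^\s\"']+))", re.I)
_PS_RE = re.compile(r"\bpowershell(?:\.exe)?\b|\bpwsh\b", re.I)


def expand_encoded(cmdline):
    """Append the decoded body of a -EncodedCommand payload (base64 of UTF-16LE)
    so later matching sees the real command; leave the line alone otherwise."""
    m = _ENC_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline
    return cmdline + " " + decoded


def parse_defender_exclusions(cmdline):
    """Return {'Path': [...], 'Extension': [...], 'Process': [...]} from an
    Add-/Set-MpPreference invocation, or {} when the command adds no exclusion."""
    text = expand_encoded(cmdline)
    if not _MPPREF_RE.search(text):
        return {}
    found = defaultdict(list)
    for m in _EXCL_RE.finditer(text):
        kind = m.group(1).capitalize()
        value = m.group(2) or m.group(3) or m.group(4)
        found[kind].extend(v.strip() for v in value.split(",") if v.strip())
    return dict(found)


# (signature name as reported, event type, pattern on the detail); assumed mapping
SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", "reg_query",
     re.compile(r"\\HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry", "reg_query",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(?:SystemBiosVersion|VideoBiosVersion|SystemBiosDate)\b", re.I)),
    ("Drops startup file", "file_write",
     re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)),
    ("Adds Run key to start application", "reg_set",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)),
    ("Drops desktop.ini file(s)", "file_write",
     re.compile(r"\\desktop\.ini$", re.I)),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", "api",
     re.compile(r"NtSetInformationThread\(.*ThreadHideFromDebugger", re.I)),
]
POWERSHELL_SIG = "Command and Scripting Interpreter: PowerShell"


def classify_events(events):
    """Map events to the report's signature names: {signature: [details]}.
    PowerShell hits carry the parsed exclusion dict instead of the raw line."""
    hits = defaultdict(list)
    for kind, detail in events:
        for name, want_kind, pattern in SIGNATURES:
            if kind == want_kind and pattern.search(detail):
                hits[name].append(detail)
        if kind == "process" and _PS_RE.search(detail):
            exclusions = parse_defender_exclusions(detail)
            if exclusions:  # PowerShell alone is not the signal; the exclusions are
                hits[POWERSHELL_SIG].append(exclusions)
    return dict(hits)


if __name__ == "__main__":
    for name, details in classify_events(SAMPLE_EVENTS).items():
        print(name)
        for d in details:
            print("   ", d)
```

The PowerShell rule deliberately fires on the parsed exclusions rather than on the interpreter name, so a benign PowerShell launch is not reported while an exclusion hidden behind -EncodedCommand still is. On a live host the same exclusions can be confirmed with Get-MpPreference (ExclusionPath, ExclusionExtension, ExclusionProcess) and removed with Remove-MpPreference.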