General
-
Target
3f602fbde185c275d3b1e345b51b3f70627f7b112f53ceb6f335586ee3e78f9e
-
Size
2.3MB
-
Sample
240614-zkd4naygnr
-
MD5
57faf60e3fdc68504c43696d670f5714
-
SHA1
3a142da12dbd7950c6b75b28e25ab5a7f76e186e
-
SHA256
3f602fbde185c275d3b1e345b51b3f70627f7b112f53ceb6f335586ee3e78f9e
-
SHA512
ff6c94406f9dd6e9cb15fdb22e8826240b4ea8d0485587444e1014d075982ecdbcff08c64fef43ca618a5697f316d1be06c9867caaa4704e248df07f2f779bb1
-
SSDEEP
49152:sjvk2d9rJpNJ6jUFdXaDoIHmXMupzh72lxakn2YpHdy4ZBgIoooNe:srkI9rSjA5aDo73pzF2bz3p9y4HgIoov
Static task
static1
Behavioral task
behavioral1
Sample
3f602fbde185c275d3b1e345b51b3f70627f7b112f53ceb6f335586ee3e78f9e.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
3f602fbde185c275d3b1e345b51b3f70627f7b112f53ceb6f335586ee3e78f9e.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
3f602fbde185c275d3b1e345b51b3f70627f7b112f53ceb6f335586ee3e78f9e
-
Score
9/10
-
UPX dump on OEP (original entry point)
-
Drops file in Drivers directory
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-