General
-
Target
loader.exe
-
Size
15.7MB
-
Sample
240619-ysc1wstenl
-
MD5
e91ec77475d05260c942e6efde6a8d9a
-
SHA1
d64e17d927269fa6504151dc716a5284312bf2b8
-
SHA256
a5449049022450ee54e4ef25e216f81adfc6e65f8b88b92f097145c29e092424
-
SHA512
50ffb259d564ed43958cce305a0a2e3b88563024440a28617bdc2a7d325e949b1cd5edd028d833f35db030050a0c77a2d3d066483e9b77639954549fc78cf817
-
SSDEEP
393216:fYS0xa+FHFq5D95hRykUSx6/FlZOshouIkPftRL54YRJ:fYS0TFlqxhRykUSxA30wouTtRLz
Behavioral task
behavioral1
Sample
loader.exe
Resource
win7-20240611-en
Malware Config
Targets
-
-
Target
loader.exe
-
Size
15.7MB
-
MD5
e91ec77475d05260c942e6efde6a8d9a
-
SHA1
d64e17d927269fa6504151dc716a5284312bf2b8
-
SHA256
a5449049022450ee54e4ef25e216f81adfc6e65f8b88b92f097145c29e092424
-
SHA512
50ffb259d564ed43958cce305a0a2e3b88563024440a28617bdc2a7d325e949b1cd5edd028d833f35db030050a0c77a2d3d066483e9b77639954549fc78cf817
-
SSDEEP
393216:fYS0xa+FHFq5D95hRykUSx6/FlZOshouIkPftRL54YRJ:fYS0TFlqxhRykUSxA30wouTtRLz
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-