General
-
Target
59839deaf77e360a20857c8f64c40e99add549e888798ffee4e857ea2cbae840
-
Size
2.3MB
-
Sample
240901-2eqxdatdjq
-
MD5
b5d7f8f074fc15dff1d719bca8457a51
-
SHA1
7c3741134e495e6d4249fb7d91d53f1e1715412d
-
SHA256
59839deaf77e360a20857c8f64c40e99add549e888798ffee4e857ea2cbae840
-
SHA512
a81e98c343a23a0a771646b0f965086ebf49b86073eda917ac9d0993d628339537232097dd41f5dd9f08b843c6c1d80a2cbd88e6a2f557077c17c4a5d80c3971
-
SSDEEP
49152:0jvk2d9rJpNJ6jUFdXaDoIHmXMupzh72lxakn2YpHdy4ZBgIoooNe:0rkI9rSjA5aDo73pzF2bz3p9y4HgIoov
Malware Config
Targets
-
-
Target
59839deaf77e360a20857c8f64c40e99add549e888798ffee4e857ea2cbae840
-
Size
2.3MB
-
MD5
b5d7f8f074fc15dff1d719bca8457a51
-
SHA1
7c3741134e495e6d4249fb7d91d53f1e1715412d
-
SHA256
59839deaf77e360a20857c8f64c40e99add549e888798ffee4e857ea2cbae840
-
SHA512
a81e98c343a23a0a771646b0f965086ebf49b86073eda917ac9d0993d628339537232097dd41f5dd9f08b843c6c1d80a2cbd88e6a2f557077c17c4a5d80c3971
-
SSDEEP
49152:0jvk2d9rJpNJ6jUFdXaDoIHmXMupzh72lxakn2YpHdy4ZBgIoooNe:0rkI9rSjA5aDo73pzF2bz3p9y4HgIoov
Score7/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-