General

Target: BYTE REGDIT !!.rar
Size: 10.0MB
Sample: 240926-vg68ta1emd
MD5: 4785d98d856f3ac76d53ce3aaa4eaf7b
SHA1: c130096655d5be3af5ed10f3df38ae7f9e961e43
SHA256: fa639dd2124e017f58cd0c4da32acf950ab294c1dfb46433b9b471011c3d973d
SHA512: 8ed61f5e35ac5c6da527fa4cc5e2ac2af685d81f2c919e7c461dfa96071b49cdc6e52c6e479798127f9a98c2268e51fbb4ab1c4cd3539f5e9129e99e036e8519
SSDEEP: 196608:12pWCv1Oeu9Pq8PrjW/2QOyr3QLJu3jzGutadrTse/NejxXNO+fYetW288vW/mpB:128Cvg9ZBTjmzudUeoxXU5etdJpM58A4
Malware Config
Targets

Target: Code Extractor By Byte Regedit.exe
Size: 10.1MB
MD5: 14a15090ca8a1a568ea6e89e1638a11a
SHA1: dd02442ba92ed9f01b2420f61f0103afc8dfcbc1
SHA256: adcee3d9cc91e5036fa6216dab052ee915b5b452bf808e662b33e60dee2ee173
SHA512: 9089abac51548c165680ca615be7b257951fbf384510716f66cbe9964a46fbc2cf6d7bc729f0894148533355f85f2267cf78e210cce56bab8b8c4fd49ed27e18
SSDEEP: 196608:x3g8VEK7c1hIywFoc+XwfI9jUC2gYBYv3vbW4SEf+iITx1U6nA:y8VEp1hINFXIH2gYBgDWZjTnzA
- Looks for VirtualBox Guest Additions in registry
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Enumerates processes with tasklist