General
Target: Update Check.exe
Size: 4.2MB
Sample: 241013-3n3g7sshle
MD5: d53d1f00ed58f99f59822c2d2d544010
SHA1: 0b7044e63ad051185cdfac92e23ce85af8faa9c8
SHA256: 58638ff7af545a8ddf3d05ec44b916de2f6e5e3a3d9ed1d9ac95c43737b3d974
SHA512: 4fe5428921a60bd4fdb5f91a4a0e35d6656f14071a2841a254523e04608cc89b79662b538e5f34aa157540fd87efd98a34be8bf662e2f5ed94abd85fc3f3b9e8
SSDEEP: 98304:SelujKJAy3ppt06bZmCOHDujxBJSjMgL3+ylLGEeU4uz1P9zz9Izjhed:SZ1yZpt06NmPjuBYAAOylLGEeRy9zz9r
Behavioral task: behavioral1
Sample: Update Check.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: Update Check.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
discordrat
discord_token: MTI1OTY0MjcxOTc2OTMyOTc0NA.G7ihTo._RCPiBzL9dSbWyoWQXFjvV6wNhGpmHiAW1ckvc
server_id: 1292317246118559744
Targets
Target: Update Check.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger