General
Target: 0383dde13058254e4bacefa21eaeb17a8beb7fd085d5912701f01c57d178afaa.exe
Size: 1.7MB
Sample: 241016-bdrt6syfmj
MD5: d9355b4c496a14e5fc4f5b398b340b8f
SHA1: fa75a031565aeeddf1d30a18d2a7a7ec6a548b84
SHA256: 0383dde13058254e4bacefa21eaeb17a8beb7fd085d5912701f01c57d178afaa
SHA512: 7eb5116aa6bba746dd22e8869e1bca20380447977ae5b497a33209e9e9ae69e74a231d3802d5c45fcf7754915525c126f6d0955a710c91e5a1b2a3fe01a17022
SSDEEP: 24576:OEW+JBrRp9+3hpZh/u1d3fv3Ob2Mo4bn8Srvkphqu9z1U/cEuviOH3x:OEzJB39+3hpZRu1d3fO
Static task: static1
Behavioral task: behavioral1, sample 0383dde13058254e4bacefa21eaeb17a8beb7fd085d5912701f01c57d178afaa.exe, resource win7-20240708-en
Behavioral task: behavioral2, sample 0383dde13058254e4bacefa21eaeb17a8beb7fd085d5912701f01c57d178afaa.exe, resource win10v2004-20241007-en
Malware Config
Targets
Target: 0383dde13058254e4bacefa21eaeb17a8beb7fd085d5912701f01c57d178afaa.exe
Size: 1.7MB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General above
- Looks for VirtualBox Guest Additions in registry
- Downloads MZ/PE file
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
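The registry, network and file-system behaviours listed above are what a sandbox's signatures match on. The following Python is an added example, not part of this report or of the analysed sample, that runs the same kind of matching over constructed behavioural-log events. The registry paths, IP-echo host names and Startup-folder path it uses are the conventional artefacts behind each behaviour; that the report's signatures matched exactly these artefacts is an assumption, as is the event format.

```python
"""Classify sandbox behavioural events into the evasion, geofence and recon
signatures listed in the report. Added example; the registry keys, IP-echo
hosts and Startup path are the conventional artefacts for each behaviour and
are an assumption about what the report's signatures actually matched."""
import re
from typing import Dict, List

# Registry keys whose presence or contents reveal a hypervisor, a sandbox
# host, the configured country, or the attached disks. Regex escaping: '\\'
# matches one literal backslash in the key path.
REGISTRY_RULES: Dict[str, "re.Pattern[str]"] = {
    name: re.compile(pat, re.IGNORECASE) for name, pat in {
        "Looks for VirtualBox Guest Additions in registry":
            r"\\SOFTWARE\\Oracle\\VirtualBox Guest Additions",
        "Looks for VMWare Tools registry key":
            r"\\SOFTWARE\\VMware, Inc\.\\VMware Tools",
        "Checks BIOS information in registry":
            r"\\HARDWARE\\DESCRIPTION\\System\\BIOS",
        "Checks computer location settings":
            r"\\Control Panel\\International\\Geo\\Nation",
        "Maps connected drives based on registry":
            r"\\SYSTEM\\(CurrentControlSet\\Services\\Disk\\Enum|MountedDevices)",
    }.items()
}

# Public "what is my IP" services commonly contacted to learn the external IP.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ip-api.com", "ipinfo.io",
    "checkip.amazonaws.com",
}

# A write into the per-user or all-users Startup folder is a startup drop.
STARTUP_FOLDER = re.compile(r"\\Start Menu\\Programs\\StartUp\\", re.IGNORECASE)


def classify(events: List[dict]) -> Dict[str, List[str]]:
    """Return {signature name: [matching artefacts]} for a list of events.

    Each event is a dict with "type" in {"registry", "http", "file"}, an "op"
    (open/read/write) and a "path" (registry key or file path) or "host".
    Events that match no rule are ignored, so a clean run returns {}."""
    hits: Dict[str, List[str]] = {}
    for ev in events:
        kind = ev.get("type")
        if kind == "registry":
            key = ev.get("path", "")
            for name, pattern in REGISTRY_RULES.items():
                if pattern.search(key):
                    hits.setdefault(name, []).append(key)
        elif kind == "http":
            host = ev.get("host", "").lower()
            if host in IP_LOOKUP_HOSTS:
                hits.setdefault(
                    "Looks up external IP address via web service", []
                ).append(host)
        elif kind == "file" and ev.get("op") == "write":
            path = ev.get("path", "")
            if STARTUP_FOLDER.search(path):
                hits.setdefault("Drops startup file", []).append(path)
    return hits


# Constructed events (not taken from the report), shaped like a sandbox's
# registry/network/file trace. The SID and file names are made up.
SAMPLE_EVENTS = [
    {"type": "registry", "op": "open",
     "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions"},
    {"type": "registry", "op": "open",
     "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools"},
    {"type": "registry", "op": "read",
     "path": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"type": "registry", "op": "read",
     "path": r"HKEY_USERS\S-1-5-21-1000-2000-3000-1001\Control Panel\International\Geo\Nation"},
    {"type": "registry", "op": "read",
     "path": r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum\0"},
    {"type": "registry", "op": "read",  # benign, matches nothing
     "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"},
    {"type": "http", "host": "api.ipify.org", "url": "http://api.ipify.org/"},
    {"type": "file", "op": "write",
     "path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe"},
    {"type": "file", "op": "read",  # wallet access is not covered by these rules
     "path": r"C:\Users\Admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
]


def run_sample() -> Dict[str, List[str]]:
    """Classify the constructed trace; seven signatures fire, two events do not."""
    return classify(SAMPLE_EVENTS)


if __name__ == "__main__":
    for sig, artefacts in run_sample().items():
        print(sig)
        for item in artefacts:
            print("   ", item)
```

The benign ProductName read and the wallet-file read are deliberately included so the rules can be seen not to fire on them; a real trace will contain far more such noise, and tuning these patterns against it is where false positives get removed.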
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (T1112): 2
- Subvert Trust Controls (T1553): 1
  - Install Root Certificate (T1553.004): 1
- Virtualization/Sandbox Evasion (T1497): 2
Credential Access
- Credentials from Password Stores (T1555): 1
  - Credentials from Web Browsers (T1555.003): 1
- Unsecured Credentials (T1552): 3
  - Credentials In Files (T1552.001): 3