General
- Target: Built.exe
- Size: 12.0MB
- Sample: 241103-d1rh2atfmp
- MD5: b745a939d6e54688d8ce20bf25e808e9
- SHA1: 8b0995f3521883d763242348d7338bdfd28aa4bd
- SHA256: b705437dbf42dec15e6b740a0fc9a2713201f1acec2e764a452d2281b8fe0343
- SHA512: 393a1a3c80e77fccfb9128aa1696486eb8a2bd194b383e97fe13093391a08788e0fdc62c139508842edcefb103abeac8502c4a02bf27d66c60ac3f5a5b1aa376
- SSDEEP: 196608:iHJekYrHNWP8yOTv6tXnlfpiK2oFhJwfI9jUCzi4H1qSiXLGVi7DMgpZYHQ0VMwy:ZdtaSTv6FlVFUIHziK1piXLGVE4U2w00
Malware Config
Targets
- Target: Built.exe
- Size: 12.0MB
- MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the values listed under General above
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
- Suspicious use of NtSetInformationThreadHideFromDebugger