General
- Target: PN0wYEDIiaYw.exe
- Size: 13.9MB
- Sample: 241117-qy9caazqcz
- MD5: 35b50f3d52b9350017509e40353bb4cc
- SHA1: 53dde65d8ed3b57684b41f5846dc8cfb6d4f0f51
- SHA256: cd22c6fea23c6f161a88411b46caf6d8f9342089d828245d9b18d19091d24f3f
- SHA512: fa9555d5e365a95b5eb334e41ca979f07c41a89dd755f7bcbf989280457082a9b4e77d9417ed13cbb8d8443ef72d6545eaa94eae4dbd262ef5574a6c2651c300
- SSDEEP: 393216:9JzWUq3UKKeizYH2jBkzv7qZ/CMKGvZ/0ZtCHl:95W1nezCTzDAC1GxvHl

Static task: static1
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: The@SymbolMeaning&History|Webopedia
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.