General
Target: sorenq.zip
Size: 4.0MB
Sample: 241224-kz5gtstmap
MD5: 8c8355a5982d5c23cf46e1bc208d71f9
SHA1: f3582d5e9ff9d8a93f81fa573b6fe96715002823
SHA256: 6421b8dd3f429921cd2cd3b9d6809f8a860d2f6acb58be9387ff14541dc07878
SHA512: fae8127f885f706d57b9af4c5bcc0c45303301f03da316558ec18e5a67d3532d579d7845e1a3042d19326f06ddbcbd5aadea4590fcd6beac9ef0f3f012274696
SSDEEP: 98304:i83pEdZEqpFLPHmYT4sww+/HDPT8pwC8AEP0jdSeww80MDeMy+O:dZjqL6idm84L0ceD
Static task: static1
Malware Config
Targets
Target: download.exe
Size: 4.0MB
MD5: 5577c8755bee3b80e17e42e80eadde86
SHA1: 79ebbc3f9d175669ee090f53b93a925b42281b73
SHA256: 85ba99319f22cde0abd25e839a7a230a730f1d52e546754873e479be88e65da1
SHA512: 2d88bc7339c5629e21c00dbf63152a3389110752be0610d8744ce5f89037701e51f40a102730f9e843555749e69607c3b8896b5fbcab76662ab3a3640e45053d
SSDEEP: 98304:oPk7tEUpppPxYyTUsAoQ9/hZjipqYW+YHeFJeAuw8agFo2Gm:GdUfAaBE+OzYIo
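Before acting on a report like this one, confirm that the file in hand is the same artifact the sandbox analysed. The following Python is an added example (not part of the report or of the sandbox's own tooling): it computes the four digests the report lists in one pass and compares them with the values given above for download.exe. The REPORTED_DOWNLOAD_EXE dictionary is copied from the report; everything else is assumed helper code. SSDEEP is a fuzzy hash and is not in hashlib, so it is left out here.

```python
import hashlib
import io
from typing import BinaryIO, Dict, Optional

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report entry for download.exe above.
REPORTED_DOWNLOAD_EXE = {
    "md5": "5577c8755bee3b80e17e42e80eadde86",
    "sha1": "79ebbc3f9d175669ee090f53b93a925b42281b73",
    "sha256": "85ba99319f22cde0abd25e839a7a230a730f1d52e546754873e479be88e65da1",
    "sha512": "2d88bc7339c5629e21c00dbf63152a3389110752be0610d8744ce5f89037701e"
              "51f40a102730f9e843555749e69607c3b8896b5fbcab76662ab3a3640e45053d",
}


def hash_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute all four digests in a single pass so a large sample is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the offline test)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as f:
        return hash_stream(f)


def compare(actual: Dict[str, str], reported: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Per-algorithm result: True/False where the report gives a digest, None where it does not."""
    return {
        name: (actual[name] == reported[name].strip().lower()) if name in reported else None
        for name in ALGORITHMS
    }


def matches_report(actual: Dict[str, str], reported: Dict[str, str]) -> bool:
    """True only if at least one digest was compared and every compared digest matched."""
    compared = [ok for ok in compare(actual, reported).values() if ok is not None]
    return bool(compared) and all(compared)


if __name__ == "__main__":
    import sys

    digests = hash_file(sys.argv[1])  # path to the local copy of download.exe
    for name, ok in compare(digests, REPORTED_DOWNLOAD_EXE).items():
        status = "n/a" if ok is None else ("match" if ok else "MISMATCH")
        print(f"{name:7} {digests[name]}  {status}")
    sys.exit(0 if matches_report(digests, REPORTED_DOWNLOAD_EXE) else 1)
```

A mismatch on any one algorithm means you are not looking at the analysed sample, so the behaviours listed below cannot be assumed to apply to your copy.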
- Modifies WinLogon for persistence
- Nanocore family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
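Two of the listed behaviours are worth checking for on a host suspected of having run this sample: the Winlogon persistence and the registry reads used to fingerprint sandboxes and VMs. The Python below is an added example, not part of the report or of the sandbox's tooling. It flags extra entries in the Winlogon Shell and Userinit values (the common way malware hooks logon) and scans Procmon-style registry events for the keys these signature names usually correspond to. The stock Winlogon values, the specific key paths in EVASION_KEYS, and the sample data are all assumptions: the report does not list the exact values or keys the sample touched, so verify them against a known-good host of the same Windows build.

```python
import csv
import io
import sys
from typing import Dict, List, Tuple

# --- Winlogon persistence -------------------------------------------------
# Stock values on a default Windows 10/11 install (assumption; confirm on a
# known-good host before treating a difference as malicious).
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_DEFAULTS = {
    "Shell": ["explorer.exe"],
    "Userinit": [r"c:\windows\system32\userinit.exe"],
}


def _entries(value: str) -> List[str]:
    """Shell/Userinit are comma-separated program lists; normalise for comparison."""
    return [e.strip().lower() for e in value.split(",") if e.strip()]


def winlogon_findings(values: Dict[str, str]) -> List[str]:
    """One finding per Shell/Userinit entry that is not part of the stock value."""
    findings = []
    for name, expected in WINLOGON_DEFAULTS.items():
        if name not in values:
            continue
        for entry in _entries(values[name]):
            if entry not in expected:
                findings.append(f"{WINLOGON_KEY}\\{name} has extra entry: {entry}")
    return findings


def read_winlogon_live() -> Dict[str, str]:
    """Read the live values on Windows; elsewhere return {} so the module still imports."""
    if sys.platform != "win32":
        return {}
    import winreg

    out: Dict[str, str] = {}
    subkey = WINLOGON_KEY.split("\\", 1)[1]
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
        for name in WINLOGON_DEFAULTS:
            try:
                out[name] = str(winreg.QueryValueEx(key, name)[0])
            except FileNotFoundError:
                pass
    return out


# --- Sandbox / VM fingerprinting reads --------------------------------------
# Key paths these signature names usually map to (assumption: the report does
# not state which keys the sample read).
EVASION_KEYS = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": "VirtualBox ACPI table (anti-VM)",
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion": "BIOS information (sandbox detection)",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion": "BIOS information (sandbox detection)",
    r"HKCU\Control Panel\International\Geo\Nation": "country code (geofence)",
    r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum": "connected drives (sandbox detection)",
}


def evasion_reads(procmon_csv: str) -> List[Tuple[str, str, str]]:
    """Scan CSV rows (Process Name, Operation, Path) for registry reads of the keys above."""
    hits = []
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        if not row["Operation"].startswith("Reg"):
            continue
        path = row["Path"].strip()
        for key, why in EVASION_KEYS.items():
            if path.lower().startswith(key.lower()):
                hits.append((row["Process Name"], path, why))
                break
    return hits


# Constructed sample data (not taken from the report) so the checks run offline.
SAMPLE_WINLOGON = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\user\AppData\Roaming\download.exe",
}
SAMPLE_PROCMON = r"""Process Name,Operation,Path
download.exe,RegQueryValue,HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
download.exe,RegOpenKey,HKLM\HARDWARE\ACPI\DSDT\VBOX__
download.exe,RegQueryValue,HKCU\Control Panel\International\Geo\Nation
download.exe,RegQueryValue,HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum
explorer.exe,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"""

if __name__ == "__main__":
    for finding in winlogon_findings(read_winlogon_live() or SAMPLE_WINLOGON):
        print("[persistence]", finding)
    for proc, path, why in evasion_reads(SAMPLE_PROCMON):
        print(f"[evasion] {proc} read {path}: {why}")
```

The Winlogon comparison is deliberately entry-based rather than a string equality test, because the usual modification appends a second program after the comma while leaving the legitimate one in place. A Userinit written with %SystemRoot% instead of C:\Windows would be reported as a finding by this simple check; expand variables first if your baseline uses that form. A real Procmon export has more columns than the three used here, but csv.DictReader keys on the header, so the extra columns are ignored.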