General
- Target: Whatsapp Simple Sender - Cracked by ACE.exe
- Size: 2.5MB
- Sample: 240629-tylg1a1dnd
- MD5: f702dee72e0427022ec0a6a003dbe0bf
- SHA1: d6f5bb847e44547a489af02437dd276bd9f46b36
- SHA256: 7ec2f0a9812d22da3bef7d2f76c50d5b563024f29f6b98bcd01368d0c279862f
- SHA512: a2135e0fd01e5fec21c7f70d6c763b79168d7d85be831172739c82df6baafe13e16faec8505274ca07d71b5cbd7ea103cc0bfd204e33e6fa8853c2733ab349fb
- SSDEEP: 49152:r4Lu2F3OzhVtsJNcPlVor4AvnQXHXlrCs0wjEUQr9+wW:r78ezhVfAf4HVrCs0EQ
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger