General
Target: 193b9ac8a916a33aea9b14e75d97db27.bin
Size: 5.2MB
Sample: 240630-bl2z4svdlm
MD5: 193b9ac8a916a33aea9b14e75d97db27
SHA1: 54f75bceda925b2b88bee6103500ca14a06da870
SHA256: 0f160fc577f226594d62ef89dfa13023d7f226a3fe6da0ce1958030913690b79
SHA512: beb22a7c5dc5b5d39a794fa6862f9cc3abfbb4b6a2a83b6094964b5024c4b8decc8c7b1f936dabd9ea2ac48f84a85b430de705a3980225f1712570d6de7acace
SSDEEP: 98304:bu6aYJNiNe0+P8eOp+T3fC1jJuk0SeZgSvelOzyyYq8ak7dgMP1H:bu6aYP6eh8xAC1jMYeOSIqpg
Static task: static1
Behavioral task: behavioral1
Sample: Loadeijsnsns.exe
Resource: win7-20240508-en
Malware Config

Targets
Target: Loadeijsnsns.exe
Size: 667.6MB
MD5: 6dd1a9a9c7be9d14e8c1d460f28db30e
SHA1: 9b515c939ae604d1f6ce4d006e36a9f9e7e9f65a
SHA256: 23e8cca6b7756c2233791f125512d71c4319299165606b40eeccc10e6c913bae
SHA512: 77dc97f5007a25e94c92fc610a77e7b088a52ff38ae51977aff32a039e910b50249129ed971d2dc1b2a83e4f2c74732eaa423d899bc6f41dd2ea2eb90a2b4bfa
SSDEEP: 98304:Tb86s8D/eLeyyP8MGz+t5Vov15+u+AsBmmpsZmRyIgmGC2xxOw7h:Tb86s87SeD8X2ov10Ssgmwgp
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of SetThreadContext