General
-
Target
922246d2938c77b783e112830796aa9f.bin
-
Size
4.1MB
-
Sample
240630-ddb5tswenr
-
MD5
922246d2938c77b783e112830796aa9f
-
SHA1
68212e1c4d8852a67fac6a1aa0e7d2672bba310d
-
SHA256
c7abff0928c85d80fcaad1ca24ecfe50a979f377652b96f25e3574a2eca772bf
-
SHA512
b56ed54b412d6b536318b8289354a3a58e1c967be179d429b9ebfa44406e579f014a7e635e11e24d206325354c66fc59b50e6fca7f221a0b6f85a0589a5efbe4
-
SSDEEP
98304:PF5G1oogUmZlieYR4xY17SIqxJyzszmo96Ch:PFA1oCmz/xwW9xJoszm06C
Behavioral task
behavioral1
Sample
922246d2938c77b783e112830796aa9f.exe
Resource
win7-20240611-en
Malware Config
Targets
-
-
Target
922246d2938c77b783e112830796aa9f.bin
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox exposes its ACPI tables to the guest under HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__, so the mere presence of those keys reveals the hypervisor without any hardware query.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that the dropped components are not scanned.
-
Drops file in Drivers directory
-
Checks BIOS information in registry
BIOS vendor and version strings in the registry are commonly read to detect virtualised or sandboxed environments.
-
Deletes itself
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from delivering debug events to an attached debugger, a common anti-debugging measure.
-
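The behaviours flagged above (VirtualBox ACPI keys, BIOS registry reads, Defender exclusions added through PowerShell, ThreadHideFromDebugger) are the kind a triage script can pull out of a sandbox or EDR event stream. The Python below is an added example for this page, not code or output from the sandbox or from the sample. The pipe-separated `kind|detail` event format and the sample events are constructed; the registry paths, the class value 0x11 and the Add-MpPreference/Set-MpPreference parameters are the well-known indicators for these techniques rather than anything recovered from this file. It also decodes `-EncodedCommand`, which the report does not mention but which is how such PowerShell is often hidden.

```python
import base64
import re

# Registry keys present only when VirtualBox exposes its ACPI tables to the guest.
VBOX_ACPI_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
# BIOS values commonly read to fingerprint a sandbox (vendor/version strings).
BIOS_VALUES = (
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
)
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger
# Add-MpPreference / Set-MpPreference parameters that add Defender exclusions.
MP_EXCLUSION_PARAMS = ("-exclusionpath", "-exclusionextension", "-exclusionprocess")

# -EncodedCommand (also -enc / -e) carries base64 of the UTF-16LE script text.
_ENC_RE = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]+)", re.I)


def decode_powershell(cmdline: str) -> str:
    """Return the effective script text, decoding -EncodedCommand when present."""
    m = _ENC_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline  # not valid base64/UTF-16LE: fall back to the raw command line


def is_defender_exclusion(cmdline: str) -> bool:
    """True if a PowerShell command line adds a Defender exclusion (path, extension or process)."""
    if "powershell" not in cmdline.lower():
        return False
    script = decode_powershell(cmdline).lower()
    # "-mppreference" matches both Add-MpPreference and Set-MpPreference.
    return "-mppreference" in script and any(p in script for p in MP_EXCLUSION_PARAMS)


def analyze(events):
    """Map behaviour name -> evidence. Events are 'kind|detail' records (assumed format)."""
    findings = {}

    def hit(name, evidence):
        findings.setdefault(name, []).append(evidence)

    acpi_prefixes = tuple(k.upper() for k in VBOX_ACPI_KEYS)
    bios_values = {v.upper() for v in BIOS_VALUES}
    for line in events:
        kind, _, detail = line.partition("|")
        if kind == "regquery":
            if detail.upper().startswith(acpi_prefixes):
                hit("anti_vm_virtualbox_acpi", detail)
            elif detail.upper() in bios_values:
                hit("bios_info_registry", detail)
        elif kind == "api":
            # e.g. "api|NtSetInformationThread:0x11" (information class as the argument)
            func, _, arg = detail.partition(":")
            if func == "NtSetInformationThread" and arg and int(arg, 0) == THREAD_HIDE_FROM_DEBUGGER:
                hit("anti_debug_hide_from_debugger", detail)
        elif kind == "proc" and is_defender_exclusion(detail):
            hit("defender_exclusion_powershell", detail)
    return findings


# Constructed sample events for this example (not the sandbox's real log).
_ENCODED = base64.b64encode(
    "Add-MpPreference -ExclusionProcess 'svchost.exe'".encode("utf-16-le")
).decode()
SAMPLE_EVENTS = [
    r"regquery|HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"regquery|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"regquery|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "api|NtSetInformationThread:0x11",
    "api|NtQueryInformationProcess:0x07",
    r"proc|powershell.exe -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\ProgramData' -ExclusionExtension '.exe'",
    "proc|powershell.exe -w hidden -enc " + _ENCODED,
    r"proc|cmd.exe /c del C:\Users\Public\dropper.exe",
]

if __name__ == "__main__":
    for name, evidence in analyze(SAMPLE_EVENTS).items():
        print(f"[{name}]")
        for e in evidence:
            print("   ", e)
```

The registry matches are prefix-based for the ACPI keys (the sample may enumerate subkeys or values under VBOX__) and exact for the BIOS values, so an unrelated autorun query in the stream produces no finding; the encoded-command path is handled because matching only on the visible `Add-MpPreference` string would miss the `-enc` variant.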