General

Target: dotEXE1.exe
Size: 7.6MB
Sample: 201125-81t31k5vp6
MD5: 577594e40e94b665829e6e23c7fc8203
SHA1: 0085845381c7d3f6bdb07a8281fdb7302f733577
SHA256: 417ad511cc354f6391cc90451d8925ae8df9a0cb5808fa9bac0c2e91d3a243af
SHA512: 5c7c4c646f87dee1d16cd5839b1e439d3d0d9c7e1c1808c480c113fa8b169ec7468b06341cfdfba9b08dfd836427514e41eb3410599d0f94a27ad29f3fa82c07
Static task: static1
Behavioral task: behavioral1 (sample dotEXE1.exe, resource win10v20201028)
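The digests above are what identify this sample; before analysing a copy of dotEXE1.exe, confirm it is the same file the report describes. The script below is an added example and not part of the report or the sandbox's tooling: it hashes a file once, feeding every chunk to MD5, SHA-1, SHA-256 and SHA-512, and returns exactly which digests disagree with the report's values (an empty result means all four match). The digest values are taken from the report; the file path is an assumption.

```python
import hashlib
import io
from typing import BinaryIO, Dict, Optional, Tuple

# Digests for dotEXE1.exe exactly as listed in the report above.
REPORT_DIGESTS: Dict[str, str] = {
    "md5": "577594e40e94b665829e6e23c7fc8203",
    "sha1": "0085845381c7d3f6bdb07a8281fdb7302f733577",
    "sha256": "417ad511cc354f6391cc90451d8925ae8df9a0cb5808fa9bac0c2e91d3a243af",
    "sha512": "5c7c4c646f87dee1d16cd5839b1e439d3d0d9c7e1c1808c480c113fa8b169ec7468b06341cfdfba9b08dfd836427514e41eb3410599d0f94a27ad29f3fa82c07",
}


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Read the stream once, feeding every chunk to all four hash algorithms."""
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (handy for self-checks)."""
    return digest_stream(io.BytesIO(data))


def compare_digests(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Return {algorithm: (expected, actual)} for every algorithm whose digest does not match.

    Comparison is case-insensitive; an algorithm missing from `actual` counts as a mismatch.
    An empty dict means every expected digest matched.
    """
    mismatches: Dict[str, Tuple[str, Optional[str]]] = {}
    for name, want in expected.items():
        got = actual.get(name)
        if got is None or got.lower() != want.lower():
            mismatches[name] = (want, got)
    return mismatches


def verify_file(path: str, expected: Dict[str, str] = REPORT_DIGESTS) -> Dict[str, Tuple[str, Optional[str]]]:
    """Hash the file at `path` and compare it with the report's digests."""
    with open(path, "rb") as f:
        return compare_digests(digest_stream(f), expected)


if __name__ == "__main__":
    import sys

    # The path is an assumption; pass the location of your copy of the sample.
    sample_path = sys.argv[1] if len(sys.argv) > 1 else "dotEXE1.exe"
    bad = verify_file(sample_path)
    if bad:
        for algo, (want, got) in bad.items():
            print(f"{algo}: expected {want}, got {got}")
        sys.exit(1)
    print(f"{sample_path}: all four digests match the report")
```

Checking all four algorithms rather than just MD5 matters here: MD5 and SHA-1 collisions are practical, so a sample that matches only on those could in principle be a different file, whereas a SHA-256/SHA-512 match pins it down.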
Malware Config
Targets

Target: dotEXE1.exe
Size: 7.6MB
MD5: 577594e40e94b665829e6e23c7fc8203
SHA1: 0085845381c7d3f6bdb07a8281fdb7302f733577
SHA256: 417ad511cc354f6391cc90451d8925ae8df9a0cb5808fa9bac0c2e91d3a243af
SHA512: 5c7c4c646f87dee1d16cd5839b1e439d3d0d9c7e1c1808c480c113fa8b169ec7468b06341cfdfba9b08dfd836427514e41eb3410599d0f94a27ad29f3fa82c07
Score: 9/10

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Modifies WinLogon to allow AutoLogon: enables rebooting of the machine without requiring login credentials.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger (NtSetInformationThread called with the ThreadHideFromDebugger information class, a common anti-debugging trick)
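Of the behaviours listed above, the WinLogon AutoLogon change is the one that leaves a durable, host-visible artifact: values written under the Winlogon key, including a cleartext DefaultPassword. The script below is an added example, not part of the report or the sandbox's own detection logic. It runs over a constructed set of Sysmon RegistryEvent records (flattened here to `EventID|Image|TargetObject|Details` for readability; a real export is EVTX or XML), groups Winlogon writes by the process that made them, and flags any process that switches AutoAdminLogon on or writes DefaultPassword. Process paths and the written values are invented for the example; the report does not give them.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Winlogon key and the values an AutoLogon change touches (well-known Windows locations).
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
AUTOLOGON_VALUES = {"AutoAdminLogon", "DefaultUserName", "DefaultPassword", "DefaultDomainName"}

# Constructed Sysmon RegistryEvent records flattened to "EventID|Image|TargetObject|Details".
# Process paths and values are invented for this example.
SAMPLE_EVENTS = r"""
13|C:\Users\victim\AppData\Local\Temp\dotEXE1.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon|1
13|C:\Users\victim\AppData\Local\Temp\dotEXE1.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName|victim
13|C:\Users\victim\AppData\Local\Temp\dotEXE1.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword|Hunter2
13|C:\Windows\explorer.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|DWORD (0x00000001)
13|C:\Windows\System32\svchost.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon|DWORD (0x00000000)
12|C:\Users\victim\AppData\Local\Temp\dotEXE1.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword|
"""

_DWORD_RE = re.compile(r"^DWORD \((0x[0-9a-fA-F]+)\)$")


def normalise_details(details: str) -> str:
    """Sysmon renders REG_DWORD as 'DWORD (0x00000001)' but REG_SZ verbatim; AutoAdminLogon
    may be written either way, so fold both forms into a plain decimal string."""
    m = _DWORD_RE.match(details.strip())
    return str(int(m.group(1), 16)) if m else details.strip()


def find_autologon_changes(log: str) -> List[Dict]:
    """Group Winlogon value writes by the writing process and report those that enable
    AutoLogon or leave a cleartext DefaultPassword on disk."""
    per_image: Dict[str, Dict[str, str]] = defaultdict(dict)
    for line in log.strip().splitlines():
        parts = line.split("|", 3)
        if len(parts) != 4 or parts[0] != "13":
            continue  # only SetValue (EventID 13) carries the written data
        _, image, target, details = parts
        key, _, value_name = target.rpartition("\\")
        if key.lower() != WINLOGON_KEY.lower() or value_name not in AUTOLOGON_VALUES:
            continue
        per_image[image][value_name] = normalise_details(details)

    findings = []
    for image, values in per_image.items():
        enabled = values.get("AutoAdminLogon") == "1"
        password = "DefaultPassword" in values
        if not (enabled or password):
            continue  # e.g. an admin tool switching AutoLogon off
        findings.append({
            "image": image,
            "values": values,
            "autologon_enabled": enabled,
            "cleartext_password_written": password,
            "severity": "high" if enabled and password else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in find_autologon_changes(SAMPLE_EVENTS):
        print(finding["severity"], finding["image"], finding["values"])
```

Sysmon records only value writes (EventIDs 12, 13 and 14), so the BIOS and ACPI registry reads the report lists as anti-sandbox checks will not appear in this event stream; those need the sandbox's API-level trace or a registry-access ETW provider. A process that only switches AutoAdminLogon off, as the constructed svchost.exe record does, is deliberately not reported.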