General
Target: pafish.exe
Size: 75KB
Sample: 201125-n4jqxp8yrn
MD5: 9159edb64c4a21d8888d088bf2db23f3
SHA1: 124f46228d1e220d88ae5e9a24d6e713039a64f9
SHA256: 2180f4a13add5e346e8cf6994876a9d2f5eac3fcb695db8569537010d24cd6d5
SHA512: 4b6d56b81dd3cd42bb53fc8d68b5c8ef0d6c85ebcc503cd042ae5c19e8965e6477f259a02bafb9c5c66956ae1023fc30e3be5bbcd526eacc8480f93d74c1ab7c
Static task: static1
Behavioral task: behavioral1 (Sample: pafish.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: pafish.exe, Resource: win10v20201028)
Malware Config
Targets
Target: pafish.exe
Score: 9/10
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.