General

Target: e8dfed8e5cf7d8f65690d21b1b1db8df7e2ca855e1b3cb963392c6e112a4d0e2
Size: 2.1MB
Sample: 210513-4e4gsye53a
MD5: cafe69a59c0c3c646ea7f114180d4d8b
SHA1: 70961e60e1e279bd2882c4693ca7de7c9c96981b
SHA256: e8dfed8e5cf7d8f65690d21b1b1db8df7e2ca855e1b3cb963392c6e112a4d0e2
SHA512: 40eda1da28f5fe0aa6bab25b6c6dcdca226a6dcd3385d9c8870b33c48f0398269643e887d6c1f390547fa97a31c817241c090da37830bcf67f6f44ceb2ea36d0
Static task: static1

Behavioral task: behavioral1
Sample: e8dfed8e5cf7d8f65690d21b1b1db8df7e2ca855e1b3cb963392c6e112a4d0e2.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: e8dfed8e5cf7d8f65690d21b1b1db8df7e2ca855e1b3cb963392c6e112a4d0e2.exe
Resource: win10v20210408
Malware Config

Targets

Target: e8dfed8e5cf7d8f65690d21b1b1db8df7e2ca855e1b3cb963392c6e112a4d0e2
Score: 10/10

Signatures

Modifies visibility of file extensions in Explorer
Turning on Explorer's "hide extensions for known file types" setting makes a dropped payload such as "invoice.pdf.exe" display as "invoice.pdf".

Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox guests expose ACPI tables whose OEM identifier names the hypervisor; the sample reads those registry values to decide whether it is running in a VM.

Executes dropped EXE

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events for that thread from being delivered to an attached debugger; it is a documented anti-debugging technique.
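The three registry-based evasion signatures above (VirtualBox ACPI values, BIOS information, Wine keys) all reduce to reading a handful of well-known keys and looking for hypervisor or compatibility-layer markers. The script below is an added example, not code from the sample or from the Triage report, that models those checks so an analyst can see exactly which artifacts a sandbox would have to hide. The key paths, value names and marker strings are assumptions taken from commonly documented anti-VM checks; the report itself names only the categories. The registry snapshots it runs against are constructed inline, so it runs offline on any platform; on Windows, `snapshot_live_registry()` collects the same keys from the running host.

```python
"""Offline model of the registry-based sandbox-evasion checks in the report.

Added example: not the sample's code and not part of the Triage report.
Key paths, value names and marker strings are assumptions drawn from
commonly documented anti-VM checks.
"""
import platform
from typing import Dict, List

# Assumed locations the three signatures refer to.
ACPI_VBOX_KEYS = [
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
]
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate")
BIOS_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS", "XEN", "SEABIOS")
WINE_KEYS = [r"HKCU\Software\Wine", r"HKLM\Software\Wine"]

# Snapshot type: key path -> {value name: data}. A key with an empty dict
# models "key exists, no values read".
Registry = Dict[str, Dict[str, str]]


def evasion_indicators(reg: Registry) -> List[str]:
    """Return the indicators a sample using these checks would observe.

    ACPI and Wine checks only need the key to exist; the BIOS check
    scans the value data for hypervisor/firmware marker strings.
    """
    hits: List[str] = []
    for key in ACPI_VBOX_KEYS:
        if key in reg:
            hits.append(f"acpi:{key}")
    for name in BIOS_VALUES:
        data = reg.get(BIOS_KEY, {}).get(name, "")
        if any(marker in data.upper() for marker in BIOS_MARKERS):
            hits.append(f"bios:{name}={data}")
    for key in WINE_KEYS:
        if key in reg:
            hits.append(f"wine:{key}")
    return hits


def snapshot_live_registry() -> Registry:
    """Collect the same keys from a live Windows host; empty elsewhere."""
    if platform.system() != "Windows":
        return {}
    import winreg  # Windows-only module, imported lazily on purpose

    roots = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap: Registry = {}
    for path in ACPI_VBOX_KEYS + WINE_KEYS + [BIOS_KEY]:
        root, _, sub = path.partition("\\")
        try:
            with winreg.OpenKey(roots[root], sub) as handle:
                values: Dict[str, str] = {}
                for name in (BIOS_VALUES if path == BIOS_KEY else ()):
                    try:
                        data, _ = winreg.QueryValueEx(handle, name)
                        # REG_MULTI_SZ comes back as a list of strings.
                        values[name] = " ".join(data) if isinstance(data, list) else str(data)
                    except OSError:
                        pass
                snap[path] = values
        except OSError:
            continue  # key absent: that is the "clean host" signal
    return snap


# Constructed snapshots for offline use (not captured from real machines).
VBOX_GUEST: Registry = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": "VBOX   - 1",
        "VideoBiosVersion": "Oracle VM VirtualBox Version 6.1.22 VBE BIOS",
    },
}
WINE_HOST: Registry = {r"HKCU\Software\Wine": {}}
BARE_METAL: Registry = {
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": "DELL   - 1072009",
        "VideoBiosVersion": "Intel Video BIOS",
    },
}

if __name__ == "__main__":
    for label, snap in (("vbox", VBOX_GUEST), ("wine", WINE_HOST),
                        ("bare", BARE_METAL), ("live", snapshot_live_registry())):
        print(label, evasion_indicators(snap))
```

Each indicator string names the key or value the sample would have matched, which is the list of things to patch (rename the ACPI OEM ID, rewrite the SystemBiosVersion strings, remove the Wine key) when hardening a sandbox against this family of checks. The NtSetInformationThreadHideFromDebugger signature is not a registry artifact and is not modeled here.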