General
Target: MonoShock_.exe
Size: 2.7MB
Sample: 210629-qpjwa5dets
MD5: d63913ebb7623b808b979a649f081cf2
SHA1: 9f88f01414b248a6d67d728b3d9a90b75792ba62
SHA256: 6840230d45d0049ae884a6e7b81f4615b2aa3b660ea5fb6dab00945856b9e5be
SHA512: cc619f47b71355431dd2782042744ac3a1b7e09aeb9d4756a5cec89e58a6b4e7a13c89b40db8e1751ab3af8ee2b21ee344319bab2bbf6f540eb468bc5e3cc371
Static task: static1
Behavioral task: behavioral1
Sample: MonoShock_.exe
Resource: win7v20210408
Malware Config

Targets
Target: MonoShock_.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger