General
Target: DCBR.msi
Size: 5.6MB
Sample: 210722-xltwqpdr42
MD5: 3eb2ea9527590196759a92fdd24eaf8b
SHA1: 22cb16a1c4331efa0f228484578b54708dcc1f0b
SHA256: 0bd168703d2bb6a6d5fffe115c4834f4057bcb7f7877369a3230a82badce3d15
SHA512: 9c775c31e2148a2bd8a82b5be6527d2ccbd8d31df3afda7d5e4b6f35c7bceb4bee42c9933a5e5a38e9eacfd2b97b0ad6e3b896a6b5e1b4e043c83e265264bbbc
Static task: static1
Behavioral task: behavioral1 (Sample: DCBR.msi; Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: DCBR.msi; Resource: win10v20210410)
Malware Config
Targets
Target: DCBR.msi (Size: 5.6MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application
  Persistence via a value under a CurrentVersion\Run registry key.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  ThreadHideFromDebugger (thread information class 0x11) stops debug events from the calling thread reaching an attached debugger, a common anti-debugging trick.
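The signatures above are the sandbox's own verdicts; a practitioner re-checking a sample in a different sandbox, or writing detections from a hooked-API trace, needs the underlying indicators spelled out. The following is an added example, not part of this report or of any sandbox's code: it walks a constructed API trace (the `pid=... Api args` line format, the process IDs and the file paths are assumptions for illustration) and flags the same behaviours the report lists. The registry paths and the 0x11 information class are the real ones used by these checks; the stateful rules show why "executes dropped EXE" and "enumerates connected drives" need correlation across events rather than a single pattern.

```python
"""Triage a hooked-API trace for the behaviours flagged in the DCBR.msi report.

Added example (not the sandbox's code). The trace format is a constructed
stand-in for a sandbox's API log; real sandboxes emit their own formats.
"""
import re
from collections import defaultdict

# Constructed sample trace: one hooked API call per line (hypothetical format).
SAMPLE_TRACE = r"""
pid=1840 RegOpenKeyExW key=HKLM\HARDWARE\ACPI\DSDT\VBOX__ -> 0x2
pid=1840 RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System name=SystemBiosVersion -> "VBOX   - 1"
pid=1840 RegQueryValueExW key=HKCU\Control Panel\International\Geo name=Nation -> "244"
pid=1840 NtWriteFile path=C:\Users\Public\svc.exe size=418304
pid=1840 RegSetValueExW key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run name=Updater data="C:\Users\Public\svc.exe"
pid=1840 CreateProcessW path=C:\Users\Public\svc.exe
pid=2204 NtSetInformationThread ThreadInformationClass=0x11
pid=2204 GetDriveTypeW root=C:\
pid=2204 GetDriveTypeW root=D:\
pid=2204 GetDriveTypeW root=E:\
"""

# Single-event rules: (APIs the rule applies to, regex over the argument text).
# Keys are the signature names used in the report above.
STATELESS_RULES = {
    "Identifies VirtualBox via ACPI registry values": (
        ("RegOpenKeyExW", "RegQueryValueExW"),
        re.compile(r"\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    "Checks BIOS information in registry": (
        ("RegQueryValueExW",),
        re.compile(r"\\HARDWARE\\DESCRIPTION\\System\b.*name=(SystemBios\w*|VideoBios\w*)", re.I)),
    "Checks computer location settings": (
        ("RegQueryValueExW",),
        re.compile(r"\\Control Panel\\International\\Geo\b.*name=Nation", re.I)),
    "Adds Run key to start application": (
        ("RegSetValueExW",),
        re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.I)),
    "Suspicious use of NtSetInformationThreadHideFromDebugger": (
        ("NtSetInformationThread",),
        re.compile(r"ThreadInformationClass=0x11\b", re.I)),   # ThreadHideFromDebugger
}


def parse_trace(text):
    """Yield (pid, api, args, raw_line) for each well-formed trace line."""
    events = []
    for line in text.splitlines():
        m = re.match(r"\s*pid=(\d+)\s+(\w+)\s*(.*)$", line)
        if m:
            events.append((int(m.group(1)), m.group(2), m.group(3), line.strip()))
    return events


def _arg(args, name):
    """Extract name=value (value optionally double-quoted) from an argument string."""
    m = re.search(r"\b" + re.escape(name) + r"=\"?([^\s\"]+)", args)
    return m.group(1) if m else None


def triage(text):
    """Return {signature name: [matching trace lines]} for the trace text."""
    hits = defaultdict(list)
    dropped = set()   # executables written by the sample, for the stateful rule
    for pid, api, args, raw in parse_trace(text):
        for sig, (apis, pattern) in STATELESS_RULES.items():
            if api in apis and pattern.search(args):
                hits[sig].append(raw)
        if api in ("NtWriteFile", "WriteFile"):
            path = _arg(args, "path")
            if path and path.lower().endswith((".exe", ".dll")):
                dropped.add(path.lower())
        elif api in ("CreateProcessW", "CreateProcessA"):
            # Only a process started from a file the sample wrote counts as "dropped".
            path = _arg(args, "path")
            if path and path.lower() in dropped:
                hits["Executes dropped EXE"].append(raw)
        elif api in ("GetDriveTypeW", "GetDriveTypeA"):
            # Probing roots other than the system drive is the enumeration the report flags.
            root = _arg(args, "root")
            if root and not root.upper().startswith("C:"):
                hits["Enumerates connected drives"].append(raw)
    return dict(hits)


if __name__ == "__main__":
    for sig, lines in sorted(triage(SAMPLE_TRACE).items()):
        print(f"[{len(lines)}] {sig}")
        for line in lines:
            print("    " + line)
```

The rules deliberately match on what the sample asks for (the VBOX__ ACPI tables, SystemBiosVersion, the Geo\Nation value), not on what the registry answers, because a sample that reads these values is suspicious whether or not it finds VirtualBox. Sysmon does not log registry reads, so this kind of check needs an API-hooking sandbox or an ETW/EDR source that records query calls.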