General
- Target: 11
- Size: 7.8MB
- Sample: 210727-m1sr2f81aj
- MD5: d047797106617b5ad99807fc6e7bde75
- SHA1: 73d889f597f98823619e9eafaecc6bf6d11285da
- SHA256: e30d46be4dfd5ee6e4dd5c5bf668329629c13d350858cfa65f67158ef530ed60
- SHA512: c94233f60563e9b48bcce18de67a5ea242bb6b1f83524e2ed0ea580050efa28d61eac4964d6e8514ef6b190e8bd8fd970c0df66016ed1ca111d6386a75919f33
Static task: static1
Behavioral task: behavioral1
- Sample: 11.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: 11.exe
- Resource: win10v20210408
Malware Config
Targets
- Target: 11 (same sample and hashes as listed under General)
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger