General
Target: Titulo.exe
Size: 7.1MB
Sample: 211021-laklssaag3
MD5: ab2a4a3d64d5acdc05f1f705f2ee8ae0
SHA1: 741a09870bed245f7b3b65048fa93390a32bc83c
SHA256: 8ab695530d3f810ba36013892ceb56c4a8e6ff20d98f1b16d095b0c2a5d184b2
SHA512: 12c6afac7af32fbbe72c500c5efeffde2eb5b3d743fe28eb1fe482286d7d2bd297d0e8df28cc42363c3c3d4722898f000b327bc5660bde0e5da855f3e4b3b0d6
Static task: static1
Behavioral task: behavioral1
Sample: Titulo.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Titulo.exe
Resource: win10-en-20210920
Malware Config
Targets
Target: Titulo.exe
Size: 7.1MB
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger