General
Target: applecleanS3.exe
Size: 3.2MB
Sample: 211206-y3nv5saab7
MD5: 74786746eb93c662f2c9aa16806b8025
SHA1: 9c06dd24a00877c25a84403f2c076b0801bd443e
SHA256: b6e4d99871249faefd2ed9dab5dd045d3d9ea13b4608262588eb157ddc312a68
SHA512: 0f612d2b08a92a67531d59077356e06f9df6e18c53356cf2d53ca369265f3f0a0b2f0a8828b06c805a9b206304e499ff1c842eddb285a029d2f0ce86a71be236
Static task: static1
Behavioral task: behavioral1
Sample: applecleanS3.exe
Resource: win7-en-20211104
Malware Config
Targets
Target: applecleanS3.exe
Size: 3.2MB
MD5: 74786746eb93c662f2c9aa16806b8025
SHA1: 9c06dd24a00877c25a84403f2c076b0801bd443e
SHA256: b6e4d99871249faefd2ed9dab5dd045d3d9ea13b4608262588eb157ddc312a68
SHA512: 0f612d2b08a92a67531d59077356e06f9df6e18c53356cf2d53ca369265f3f0a0b2f0a8828b06c805a9b206304e499ff1c842eddb285a029d2f0ce86a71be236
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox exposes ACPI tables carrying the OEM ID VBOX__, which Windows mirrors under HKLM\HARDWARE\ACPI; reading those keys is a common check for running inside a VM.
- Downloads MZ/PE file
  A network response whose body begins with the MZ header, i.e. the sample fetched another executable.
- Modifies Windows Firewall
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events from that thread reaching an attached debugger, a common anti-debug technique.
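The signatures above are behavioural rules matched against what the sample did at run time. The following script, added here as an example and not part of the original report or of the sandbox's own rule set, shows how such rules can be expressed as detection logic over a constructed event log: the events (registry reads, an NtSetInformationThread call, an HTTP response body, a netsh process launch) are made up for this example and mirror the five signatures listed above; the event dictionary shape is an assumption, while the ACPI OEM ID VBOX__, the BIOS registry keys, the MZ magic and the ThreadHideFromDebugger class value 0x11 are documented Windows/VirtualBox facts.

```python
import re

# Windows THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# VirtualBox publishes its ACPI tables with the OEM ID "VBOX__"; Windows
# mirrors them under HKLM\HARDWARE\ACPI\<table>\<oem id>.
VBOX_ACPI_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT|SSDT)\\VBOX__", re.I)
# Firmware strings read by sandbox/VM checks.
BIOS_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBios|VideoBios)", re.I)
# Command lines that reconfigure the host firewall.
FIREWALL_CMD_RE = re.compile(r"\bnetsh(\.exe)?\s+(advfirewall|firewall)\b", re.I)
# Registry location of the host firewall policy.
FIREWALL_KEY_RE = re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy", re.I)

# Constructed sample events (assumed log shape; not taken from the report).
SAMPLE_EVENTS = [
    {"type": "registry_read",
     "key": r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__"},
    {"type": "registry_read",
     "key": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"type": "api_call", "name": "NtSetInformationThread",
     "args": {"ThreadInformationClass": 0x11}},
    {"type": "http_response", "url": "http://example.invalid/update.bin",
     "body_head": b"MZ\x90\x00\x03\x00\x00\x00"},
    {"type": "process_create",
     "cmdline": 'netsh advfirewall firewall add rule name="svc" dir=in '
                'action=allow program="C:\\Users\\Public\\svc.exe"'},
    # Benign-looking noise that must not trigger any of the five rules.
    {"type": "registry_read",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"},
]


def match_signatures(events):
    """Return {signature name: [evidence, ...]} for the rules that fired."""
    hits = {}

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        kind = ev["type"]
        if kind == "registry_read":
            key = ev["key"]
            if VBOX_ACPI_RE.search(key):
                hit("Identifies VirtualBox via ACPI registry values (likely anti-VM)", key)
            elif BIOS_RE.search(key):
                hit("Checks BIOS information in registry", key)
        elif kind == "registry_write":
            if FIREWALL_KEY_RE.search(ev["key"]):
                hit("Modifies Windows Firewall", ev["key"])
        elif kind == "api_call" and ev["name"] == "NtSetInformationThread":
            # Only the hide-from-debugger class is suspicious; other classes
            # (priority, affinity, ...) are routine.
            if ev["args"].get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
                hit("Suspicious use of NtSetInformationThreadHideFromDebugger", ev["name"])
        elif kind == "http_response":
            # PE files start with the DOS header magic "MZ".
            if ev["body_head"][:2] == b"MZ":
                hit("Downloads MZ/PE file", ev["url"])
        elif kind == "process_create":
            if FIREWALL_CMD_RE.search(ev["cmdline"]):
                hit("Modifies Windows Firewall", ev["cmdline"])
    return hits


def signature_names(events):
    """Sorted list of signature names, the form a report summary would show."""
    return sorted(match_signatures(events))


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}\n    evidence: {evidence[0]}")
```

Running the script on the constructed events fires exactly the five signatures from the report and ignores the Run-key read; on a real sandbox export you would replace SAMPLE_EVENTS with the parsed event stream and keep the rules.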