General
Target: injector.exe
Size: 3.4MB
Sample: 211224-vr7bkaege3
MD5: cfc3984a2b7c140e79cd2ae42afffe42
SHA1: 1a8061504f534700802a6a17ab609b2fc988ab71
SHA256: 53c847547c4994568c24fd7381fc7225978bf1aeee758cc247366e4786411818
SHA512: 3a5b88caa7e922b559d22eae67a836480bb17af06ebcbae0eb55be4df6e6bb7d721b572d5e25210ee9d2f98155820ba6e62de8fe788d2a8e01e2a67256601589
Static task: static1
Behavioral task: behavioral1 (Sample: injector.exe, Resource: win7-en-20211208)
Behavioral task: behavioral2 (Sample: injector.exe, Resource: win10-en-20211208)
Malware Config
Targets
Target: injector.exe
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Sets service image path in registry
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger