General
-
Target
New_Order.exe
-
Size
2.6MB
-
Sample
220125-vf2xpsbeb5
-
MD5
3b585ac87a4c039f3685c66cadc62960
-
SHA1
a7f60a4dd8931e81b736adc744a4e709e8c5ffe7
-
SHA256
60fb9597e5843c72d761525f73ca728409579d81901860981ebd84f7d153cfa3
-
SHA512
bf2c4dea4cf1174562b60a6793111aa486e512c4a2e4da1d227ff3852a2c8e7892f1a3bc8ec2eb1315ebaa353f13fa684bade76b4c9c807cf0e86b5ac3903dfd
Static task
static1
Behavioral task
behavioral1
Sample
New_Order.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
New_Order.exe
Resource
win10-en-20211208
Malware Config
Targets
Target
New_Order.exe
-
Score
9/10
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-