General
Target: 146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4
Size: 967KB
Sample: 220201-j49rnsbhb7
MD5: 1daec173bef2d6c442c4a59db74be63d
SHA1: 6b527fc7232188e3afcace62f625df406af548be
SHA256: 146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4
SHA512: f5cba6c7d6ac2a0840d64c5fcefd434788027e2a0e3c426352aea627f82e57f7ae5348031bfd879cc377f02ae652a079405557c4fb0b0026a73ab4884480cb95
Static task: static1
Behavioral task: behavioral1
Sample: 146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4.exe
Resource: win10v2004-en-20220113
Malware Config
Targets
Target
146dd15ab549f6a0691c3a728602ce283825b361aa825521252c94e4a8bd94b4
Score: 10/10
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Executes dropped EXE
Sets service image path in registry
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Loads dropped DLL
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger