General
-
Target
N-72kzbfcz 2d2e1q.msi
-
Size
952KB
-
Sample
220203-lg4cgsfbc6
-
MD5
7d577d8a871c7340f56660b1e4389601
-
SHA1
6e2a1cb4eb564634baab2c1649fdaed7f92d7943
-
SHA256
56e791cc8e07df049102c8d489a27c08ce231b90ac97eb97c741ddeb236fec24
-
SHA512
03a1693e8f4be065bb4e84ff7c8e56e4c2e3a59092c38a0d503fe30032f5d67d2f0cab75dbe36751da456015ef1f7d81d343d6253fc418f661c4003c0eaae72c
Static task
static1
Behavioral task
behavioral1
Sample
N-72kzbfcz 2d2e1q.msi
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
N-72kzbfcz 2d2e1q.msi
Resource
win10v2004-en-20220113
Malware Config
Targets
-
Target
N-72kzbfcz 2d2e1q.msi
-
Score
9/10
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-