General
Target: 3b9ed58b0257f47f063f185e5254ad039eeeb26aa86d6b193b4e4db309f82f63
Size: 4.1MB
Sample: 220205-hqpc5shbej
MD5: 7b17b1552bcacec5e94b32e10c0bd415
SHA1: 1724eef7975f41396e92cf6ba405c5e49a41f576
SHA256: 3b9ed58b0257f47f063f185e5254ad039eeeb26aa86d6b193b4e4db309f82f63
SHA512: 9316e7e9f8d1b3d236e0e64a3327168bc137eab6bdc6a65d825ac5a6093dad94cec95a7375b32ac12114700e6c3006d7e699310340b9d8f3f46d55018b44949a
Static task: static1
Behavioral task: behavioral1
Sample: PO_40000.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: PO_40000.exe
Resource: win10v2004-en-20220112
Malware Config
Targets
Target: PO_40000.EXE
Size: 3.6MB
MD5: ebe19768a5489ee4fa2d6e8d19290666
SHA1: 2371e638682b62b64ddb753bafa4558ab320e587
SHA256: 546e5320773891c160621ec99d48fb4d90d6d58bc26ab01d7e5a3f16fec9636c
SHA512: abbc69f1e6a21c40c17ad8235e11f7b97e4e59aaab61b3e4393b4d4e27ca2df729ee0959cf2fb18ae7c8b93c4944344e2d1711e65df89014b49ead1022d57a8f
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of NtSetInformationThreadHideFromDebugger