General
-
Target
a00b8f8bc69f5c71136f4f4dc60e6ac0
-
Size
3.3MB
-
Sample
220205-s9ctkadbel
-
MD5
a00b8f8bc69f5c71136f4f4dc60e6ac0
-
SHA1
8be1e7ea88fff28314d0d52ded564bdca8654ce4
-
SHA256
427abc2035bd94beb2512e021757f81b9fbac201eb72018296889a8509e56072
-
SHA512
edb33962b03120a6aada572723a4fcc8ae16968f516c91587f0a243e00816360187dc791a25f23aa69afb96b25381a68bd96558e8305ff10fb6de98957f66ed0
Static task
static1
Behavioral task
behavioral1
Sample
a00b8f8bc69f5c71136f4f4dc60e6ac0.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
a00b8f8bc69f5c71136f4f4dc60e6ac0.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
-
-
Target
a00b8f8bc69f5c71136f4f4dc60e6ac0
-
Size
3.3MB
-
MD5
a00b8f8bc69f5c71136f4f4dc60e6ac0
-
SHA1
8be1e7ea88fff28314d0d52ded564bdca8654ce4
-
SHA256
427abc2035bd94beb2512e021757f81b9fbac201eb72018296889a8509e56072
-
SHA512
edb33962b03120a6aada572723a4fcc8ae16968f516c91587f0a243e00816360187dc791a25f23aa69afb96b25381a68bd96558e8305ff10fb6de98957f66ed0
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-