General
- Target: 2a6dab03503559d4d2e2b08f73c5c27956f01faee363b4119461e61f656cefdb
- Size: 1.3MB
- Sample: 220210-dq6j7schcp
- MD5: a066d1aef3e91189937889458fa04d30
- SHA1: a24c718a062b76a598eadd06071c3164a1a31fc5
- SHA256: 2a6dab03503559d4d2e2b08f73c5c27956f01faee363b4119461e61f656cefdb
- SHA512: 1d3ec0db3b4e8ffb787e0eedf103a63da6e001f0d4560c89fcdb6dbce6645a6b723c45b03f55eae28f5df737bc6057b179ea7bee74d35dee5072e7fc23aed4a7
Static task: static1
Behavioral task: behavioral1
- Sample: 2a6dab03503559d4d2e2b08f73c5c27956f01faee363b4119461e61f656cefdb.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: 2a6dab03503559d4d2e2b08f73c5c27956f01faee363b4119461e61f656cefdb.exe
- Resource: win10v2004-en-20220112
Malware Config
Targets
- Target: 2a6dab03503559d4d2e2b08f73c5c27956f01faee363b4119461e61f656cefdb
- Size: 1.3MB
- MD5: a066d1aef3e91189937889458fa04d30
- SHA1: a24c718a062b76a598eadd06071c3164a1a31fc5
- SHA256: 2a6dab03503559d4d2e2b08f73c5c27956f01faee363b4119461e61f656cefdb
- SHA512: 1d3ec0db3b4e8ffb787e0eedf103a63da6e001f0d4560c89fcdb6dbce6645a6b723c45b03f55eae28f5df737bc6057b179ea7bee74d35dee5072e7fc23aed4a7
Score: 10/10
Signatures
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext