General
Target: prismhack0.2.exe
Size: 3.6MB
Sample: 220216-welprsdccn
MD5: 309a24b1017457d05e614d64f5e7d90c
SHA1: 14231b9078500c1e23aa88ab26423771e953307a
SHA256: 9fceb5cd4616e4d665122a1ecd38ec29c4aa8cf8fe5f9fb2634feda77142dc99
SHA512: b8ce0cebad2d658946fdf6a92838db6f13cd0b340521f0a58fff6b7be847189681f0c3e3bc91330c082088f5b47c17a5b3069845a078913c643ed6b8a53e8b60
Static task: static1
Behavioral task: behavioral1
Sample: prismhack0.2.exe
Resource: win7-en-20211208
Malware Config
Targets
Target: prismhack0.2.exe
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Suspicious use of NtSetInformationThreadHideFromDebugger