General
Target: fake-flash.zip
Size: 13.8MB
Sample: 220511-qylwzsbcal
MD5: f0e8159305d41e436fd8661dd1a5b83e
SHA1: 63a31517caa2fe9aa58ebec777b7a3e45c11d25b
SHA256: dcfe350d953062791506e32d953a38202216125de7999daa53e84372b2b800fa
SHA512: becdbcc85b4b0be81b3c88350fd69e70a0cae50f3ef811b14fb47394c10c90f5ebd2208f6457458104d2483221c9c32004383c49f99e4a4b6e626a25c270e039
Static task
static1
Behavioral task
behavioral1
Sample: 627b7a13e4b0d5c47958d2e3.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: 627b7a13e4b0d5c47958d2e3.exe
Size: 13.9MB
MD5: cf0b38c9153e2d586b04fd88a82f9682
SHA1: 745ad6244181b54061cacbebc1e0e39d5f0ae4bb
SHA256: 0afeddf5d9d31c04ba1e5f3c5ac05cc5db4a232ece3dd2e3d15a1776a14e9993
SHA512: 9b5cd095afc1295d28c69b4fc2b9bb27f730f90886993532f9f72be1656f613273679536835e265e928dce2d9aebc076bd6c2e166a5e005a404f276d7f91cc3f
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
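The two registry signatures above (VirtualBox ACPI values and BIOS information) describe the same anti-VM pattern: the sample reads a handful of well-known HKLM locations and looks for hypervisor strings. The following is an added example, not code recovered from the sample or produced by the sandbox, that models that check so an analyst can see which keys and substrings matter and confirm what a given analysis VM exposes. The report lists only the signature names; the exact key paths (HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__ and SystemBiosVersion/VideoBiosVersion under HARDWARE\DESCRIPTION\System) are the locations these signature names conventionally refer to and are stated here as an assumption, as is the marker list. The two registry snapshots in the block are constructed, not captured from the run.

```python
"""Model of the VirtualBox / BIOS registry checks flagged in the report.

Added example (not code from the sample or the sandbox). The registry
locations below are the ones these signature names conventionally refer to;
the report itself lists only the signature names, so treat the exact key
set and the marker list as assumptions.
"""
import sys

# HKLM-relative key paths. A VirtualBox guest boots with ACPI tables whose OEM
# ID is "VBOX", which Windows surfaces as VBOX__ subkeys under HARDWARE\ACPI.
ACPI_VBOX_KEYS = (
    r"HARDWARE\ACPI\DSDT\VBOX__",
    r"HARDWARE\ACPI\FADT\VBOX__",
    r"HARDWARE\ACPI\RSDT\VBOX__",
)

# Values under HARDWARE\DESCRIPTION\System populated from the BIOS strings.
BIOS_KEY = r"HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion")

# Substrings typically matched by anti-VM code (assumption: the sample's own
# list is not published in the report).
VM_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS", "XEN", "HYPER-V")


def detect_vm(keys_present, bios_values):
    """Return the findings an anti-VM routine would produce, in check order.

    keys_present: set of HKLM-relative key paths that exist on the host.
    bios_values:  mapping value-name -> string (REG_MULTI_SZ joined) read
                  from BIOS_KEY.
    """
    findings = []
    for key in ACPI_VBOX_KEYS:
        if key in keys_present:
            findings.append(f"acpi:{key}")
    for name in BIOS_VALUES:
        text = bios_values.get(name, "").upper()
        for marker in VM_MARKERS:
            if marker in text:
                findings.append(f"bios:{name}:{marker}")
                break  # one finding per value is enough
    return findings


def snapshot_from_live_registry():
    """On Windows, read the real keys so an analyst sees what the sample sees."""
    if not sys.platform.startswith("win"):
        raise RuntimeError("live registry read requires Windows")
    import winreg  # standard library, only importable on Windows

    present = set()
    for key in ACPI_VBOX_KEYS:
        try:
            winreg.CloseKey(winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key))
            present.add(key)
        except OSError:
            pass  # key absent: not a VirtualBox ACPI table
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, BIOS_KEY) as k:
        for name in BIOS_VALUES:
            try:
                data, _ = winreg.QueryValueEx(k, name)
            except OSError:
                continue
            # REG_MULTI_SZ comes back as a list of strings; flatten it.
            values[name] = " ".join(data) if isinstance(data, list) else str(data)
    return present, values


# Constructed snapshots (not captured from the sandbox run) of a VirtualBox
# guest and of a physical machine, used to exercise detect_vm offline.
VBOX_GUEST = (
    set(ACPI_VBOX_KEYS),
    {
        "SystemBiosVersion": "VBOX - 1",
        "VideoBiosVersion": "Oracle VM VirtualBox Version 6.1.32 VBE Adapter",
    },
)
BARE_METAL = (
    set(),
    {
        "SystemBiosVersion": "DELL - 1072009 1.16.0",
        "VideoBiosVersion": "Intel Video BIOS",
    },
)

if __name__ == "__main__":
    for label, (keys, vals) in (("vbox", VBOX_GUEST), ("metal", BARE_METAL)):
        print(label, detect_vm(keys, vals) or "clean")
```

Running this on the analysis VM itself (`snapshot_from_live_registry()` and then `detect_vm` on the result) tells you whether the sample would have bailed out before reaching its payload. Note that spoofing only the DMI/BIOS strings leaves the ACPI VBOX__ subkeys in place, which is why the report flags the two checks separately.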