General
-
Target
f895e4d8abe7ebe924498dc1c5af9ab9af5533bb713404f752d9a4536968441c
-
Size
110KB
-
Sample
220520-2s4qdsahhq
-
MD5
2926548716d0ffc875d9cddf62c03911
-
SHA1
175d40cb33cc6c01077fd3e765950e36d8773e0a
-
SHA256
f895e4d8abe7ebe924498dc1c5af9ab9af5533bb713404f752d9a4536968441c
-
SHA512
1af5252e8430b285269b4a9a31527f9af5c35db50310f306068ded2601f71fae647c39b3190113e82d2c8ef20f94032b82dab481cc4a40c6649b0064d770efcd
Static task
static1
Behavioral task
behavioral1
Sample
f895e4d8abe7ebe924498dc1c5af9ab9af5533bb713404f752d9a4536968441c.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
f895e4d8abe7ebe924498dc1c5af9ab9af5533bb713404f752d9a4536968441c.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
f895e4d8abe7ebe924498dc1c5af9ab9af5533bb713404f752d9a4536968441c
-
Size
110KB
-
MD5
2926548716d0ffc875d9cddf62c03911
-
SHA1
175d40cb33cc6c01077fd3e765950e36d8773e0a
-
SHA256
f895e4d8abe7ebe924498dc1c5af9ab9af5533bb713404f752d9a4536968441c
-
SHA512
1af5252e8430b285269b4a9a31527f9af5c35db50310f306068ded2601f71fae647c39b3190113e82d2c8ef20f94032b82dab481cc4a40c6649b0064d770efcd
Score9/10-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-