General
-
Target
116ecb0dafaefd1dc7ede88471051c6432b704620915653cd324d751b56ea9ed
-
Size
1.5MB
-
Sample
220520-3ddfbsgff5
-
MD5
563a7ddccf9756b593957c75222e8493
-
SHA1
6ee62d2b645422e6b2049c022c05fd1283dbc488
-
SHA256
116ecb0dafaefd1dc7ede88471051c6432b704620915653cd324d751b56ea9ed
-
SHA512
995096ee640e54bc293376aa34ca0c85b567559813382bf9f77e1b0de0134297568cd5ded0cc8e201e00a1b09f70df52f957c66983f7cd2a3147a77e51b9e1e0
Static task
static1
Behavioral task
behavioral1
Sample
116ecb0dafaefd1dc7ede88471051c6432b704620915653cd324d751b56ea9ed.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
116ecb0dafaefd1dc7ede88471051c6432b704620915653cd324d751b56ea9ed.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
116ecb0dafaefd1dc7ede88471051c6432b704620915653cd324d751b56ea9ed
-
Size
1.5MB
-
MD5
563a7ddccf9756b593957c75222e8493
-
SHA1
6ee62d2b645422e6b2049c022c05fd1283dbc488
-
SHA256
116ecb0dafaefd1dc7ede88471051c6432b704620915653cd324d751b56ea9ed
-
SHA512
995096ee640e54bc293376aa34ca0c85b567559813382bf9f77e1b0de0134297568cd5ded0cc8e201e00a1b09f70df52f957c66983f7cd2a3147a77e51b9e1e0
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-