General
-
Target
1fc109f7f595ca36f23b321cb83d0a05725f43bbfe9159ff030f4d32ef2c6784
-
Size
1.9MB
-
Sample
220520-3jxq6abhfq
-
MD5
0adc48ffc248102168a46372cc982256
-
SHA1
8a07e8646b722b7494953a70a77d6457bbad2aba
-
SHA256
1fc109f7f595ca36f23b321cb83d0a05725f43bbfe9159ff030f4d32ef2c6784
-
SHA512
b08814958948e449742c435029ece2806fcfec5445530e84f8d8ca97d123a91ec56e5b039ae9eb13e82e594aab6ee75a18f5fbf9d941fd713bfb17f8eca0e7be
Static task
static1
Behavioral task
behavioral1
Sample
1fc109f7f595ca36f23b321cb83d0a05725f43bbfe9159ff030f4d32ef2c6784.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1fc109f7f595ca36f23b321cb83d0a05725f43bbfe9159ff030f4d32ef2c6784.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
1fc109f7f595ca36f23b321cb83d0a05725f43bbfe9159ff030f4d32ef2c6784
-
Size
1.9MB
-
MD5
0adc48ffc248102168a46372cc982256
-
SHA1
8a07e8646b722b7494953a70a77d6457bbad2aba
-
SHA256
1fc109f7f595ca36f23b321cb83d0a05725f43bbfe9159ff030f4d32ef2c6784
-
SHA512
b08814958948e449742c435029ece2806fcfec5445530e84f8d8ca97d123a91ec56e5b039ae9eb13e82e594aab6ee75a18f5fbf9d941fd713bfb17f8eca0e7be
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-