General
-
Target
ec1872da6490ba9d2c8fdec536068b3684733f88d5b4d404268b3121a5fa79ec
-
Size
2.3MB
-
Sample
220520-3x1d7shfh3
-
MD5
b3eb1618be3ac9e533fdcf7187bb962d
-
SHA1
5746fa762c6ca08f1b07318304be945a6501e223
-
SHA256
ec1872da6490ba9d2c8fdec536068b3684733f88d5b4d404268b3121a5fa79ec
-
SHA512
9f68877d2cefdca311e25cb268ce6b11737a6b70b8e4e48725619336f396175dbd8f502f512c08e7c88ef2b6c7d402453d10792b9addf1c97eebd2d213227e33
Static task
static1
Behavioral task
behavioral1
Sample
ec1872da6490ba9d2c8fdec536068b3684733f88d5b4d404268b3121a5fa79ec.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ec1872da6490ba9d2c8fdec536068b3684733f88d5b4d404268b3121a5fa79ec.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
ec1872da6490ba9d2c8fdec536068b3684733f88d5b4d404268b3121a5fa79ec
-
Size
2.3MB
-
MD5
b3eb1618be3ac9e533fdcf7187bb962d
-
SHA1
5746fa762c6ca08f1b07318304be945a6501e223
-
SHA256
ec1872da6490ba9d2c8fdec536068b3684733f88d5b4d404268b3121a5fa79ec
-
SHA512
9f68877d2cefdca311e25cb268ce6b11737a6b70b8e4e48725619336f396175dbd8f502f512c08e7c88ef2b6c7d402453d10792b9addf1c97eebd2d213227e33
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-