General
-
Target
ea6d4ee1db3178aef17fc189e8d709cfbdaa07856d9b2176a6169a28e0860a8f
-
Size
3.3MB
-
Sample
220520-qcrv4sfhfm
-
MD5
d06ef949ac8451297df5801ce2d523f0
-
SHA1
ea30b213c08251a49d6ffc75fa7a71a894502b9f
-
SHA256
ea6d4ee1db3178aef17fc189e8d709cfbdaa07856d9b2176a6169a28e0860a8f
-
SHA512
25dafe8be0f8deb160dc301a7b3f444dac88c3caaf47762efe75a82da716d3e5bc75318152410aade89df1bce4d95fdf2645fe4db0331618c3a09e2c1d24bd53
Static task
static1
Behavioral task
behavioral1
Sample
ea6d4ee1db3178aef17fc189e8d709cfbdaa07856d9b2176a6169a28e0860a8f.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ea6d4ee1db3178aef17fc189e8d709cfbdaa07856d9b2176a6169a28e0860a8f.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
ea6d4ee1db3178aef17fc189e8d709cfbdaa07856d9b2176a6169a28e0860a8f
-
Size
3.3MB
-
MD5
d06ef949ac8451297df5801ce2d523f0
-
SHA1
ea30b213c08251a49d6ffc75fa7a71a894502b9f
-
SHA256
ea6d4ee1db3178aef17fc189e8d709cfbdaa07856d9b2176a6169a28e0860a8f
-
SHA512
25dafe8be0f8deb160dc301a7b3f444dac88c3caaf47762efe75a82da716d3e5bc75318152410aade89df1bce4d95fdf2645fe4db0331618c3a09e2c1d24bd53
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-