General
-
Target
0584c52f946e866ea2caa2814b6a1787ef8470e85efdebab6e8fcee4654006df
-
Size
4.4MB
-
Sample
220521-ngsxvsghak
-
MD5
b5254c6578562b5cfd776c9cdb930022
-
SHA1
6a53830f5b5de17eb30eb8736c6380e80f547c69
-
SHA256
0584c52f946e866ea2caa2814b6a1787ef8470e85efdebab6e8fcee4654006df
-
SHA512
1f2e6ac0b61c24384e5075d92a266a901c00a72a62c1b158d0780ba3cc32e6afd410328e4d3f428d83c9b92d48a292b5213d27cf297b253921176bf25fef24e7
Static task
static1
Behavioral task
behavioral1
Sample
GEe97Z.msi
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
GEe97Z.msi
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
GEe97Z.msi
-
Size
4.5MB
-
MD5
4cd8781e8e4decc80f164492cb452a91
-
SHA1
9f920f504d5a918ef4aa7bd725b6a9ba58c010f1
-
SHA256
4447d83b1a103618cea2deaed2e10d38aef10df6dfd7c24288e632004d4590ea
-
SHA512
f33d567ddd5e2ae81b89b42d8d27686cb29b10c34dc48d6462377c8d6138e79b1107ecf622c4220ef8ffee01b1f986c2b3f56d89733a8ef6175f081b723aa7b1
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-