General
-
Target
0d9d5c831a3b7fa7488bdac603ae2831c2687e73f6a4c47eb976475b2db3432c
-
Size
4.3MB
-
Sample
220524-2jtttsade8
-
MD5
49302b6e7322c4d43332764da154c265
-
SHA1
0a31920c37332ba69cf850e81c9e3f1600aede88
-
SHA256
0d9d5c831a3b7fa7488bdac603ae2831c2687e73f6a4c47eb976475b2db3432c
-
SHA512
1b14c817fed377bb8063737d75f6f8c131a150ab334ceb8359a7222b1a9ed0ff0d344a55dac54393c52492013073f0d03adff8f0bbd220e840cc1d4106385886
Static task
static1
Behavioral task
behavioral1
Sample
0d9d5c831a3b7fa7488bdac603ae2831c2687e73f6a4c47eb976475b2db3432c.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0d9d5c831a3b7fa7488bdac603ae2831c2687e73f6a4c47eb976475b2db3432c.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
0d9d5c831a3b7fa7488bdac603ae2831c2687e73f6a4c47eb976475b2db3432c
-
Size
4.3MB
-
MD5
49302b6e7322c4d43332764da154c265
-
SHA1
0a31920c37332ba69cf850e81c9e3f1600aede88
-
SHA256
0d9d5c831a3b7fa7488bdac603ae2831c2687e73f6a4c47eb976475b2db3432c
-
SHA512
1b14c817fed377bb8063737d75f6f8c131a150ab334ceb8359a7222b1a9ed0ff0d344a55dac54393c52492013073f0d03adff8f0bbd220e840cc1d4106385886
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-