General
Target: 0aeb86699aaeabff70d60aaad71285d9a942d8e9f0f230df858ed9789ab4a25a
Size: 1.9MB
Sample: 220530-f9bv2sefd3
MD5: c4ea4d1b3cb6ea95452258464d7c5c63
SHA1: e561e89f837cd99c9d21e7c99ee9b86d12776489
SHA256: 0aeb86699aaeabff70d60aaad71285d9a942d8e9f0f230df858ed9789ab4a25a
SHA512: bb92a99bc4ece69b768eae9d96376c5b2b6f4f5670fa2f0a37a87b7fb8d1497aec8ec57846d3f30e898b5aa21f87f5c61d31fb6d3c4f18ed9494c41e82f385a5
Static task: static1
Behavioral task: behavioral1
  Sample: ppdjdafasqfz_gr/??????.url
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ppdjdafasqfz_gr/??????.url
  Resource: win10v2004-20220414-en
Behavioral task: behavioral3
  Sample: ppdjdafasqfz_gr/???????????6.06.exe
  Resource: win7-20220414-en
Behavioral task: behavioral4
  Sample: ppdjdafasqfz_gr/???????????6.06.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: ppdjdafasqfz_gr/??????.url
Size: 219B
MD5: 122e953f3a92541c27cc62db2d9bb0f7
SHA1: 5c85d98b4bce0daac9631297ddb00b005161d131
SHA256: 5bf9390d32df4da5ddb91425fc5002768a85305964a8e0cb8eda391b4b6511dd
SHA512: 77240964186d2e9c9c73ed6bf13edccaeb40c0d8cbf477080c9a40a76d044964330e97421e4b45818bfbb2688e6bfaf6720a52f2efdd3b944f3624b1b5767583
Score: 6/10
- Adds Run key to start application
Target: ppdjdafasqfz_gr/???????????6.06.exe
Size: 1.9MB
MD5: 189e90af285ac23f7c7e613455e78e43
SHA1: 7353341eb1cdea65e69be679bd5d00c7faf9d63e
SHA256: fa640ccad7e977a775f19e69a317d07c163f9dce07a2e984d45f3579eefb4f30
SHA512: 3702ed7e63d9bb0497e84e50e98309cc5d38032f2c0663d1d2b80bf78d3027cbe7f85bb52c7864d96262c9df96f32f02d54ec19877188054e721310d0a8f5353
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger