General
Target
244af50ffe70c9023ff123328614f8314093cf7a65e147d342381ecf025754f1
Size
1.4MB
Sample
220611-2qh1xafha9
MD5
13659e94623ee639b4c00e3078b02773
SHA1
6391c909af12e313e09ddb93b1104faac917031f
SHA256
244af50ffe70c9023ff123328614f8314093cf7a65e147d342381ecf025754f1
SHA512
18979842b6a1c897d97efca12ad3f972e126acece3ec785c627f8a0859089e86826a8252599f5317a3dbc2a75329d6220fd846142a57d815990fd74d7df2ae46
Static task
static1
Behavioral task
behavioral1
Sample
244af50ffe70c9023ff123328614f8314093cf7a65e147d342381ecf025754f1.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
244af50ffe70c9023ff123328614f8314093cf7a65e147d342381ecf025754f1.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
244af50ffe70c9023ff123328614f8314093cf7a65e147d342381ecf025754f1
Score
9/10
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger