General
Target: bd4f721c3e163f0f569b0ee6053a60a9904f6b0005bb3c4746737b21bf4eefdd
Size: 9.2MB
Sample: 220621-kz2e6segg8
MD5: 8560f7f38a13c676a72b708baad53359
SHA1: 0fe9b1237784592df181634edefb4ad02687d842
SHA256: bd4f721c3e163f0f569b0ee6053a60a9904f6b0005bb3c4746737b21bf4eefdd
SHA512: c5cefa7ce3280a673ef81cbb64a5d0c1d9455ef21cfc0d3945ca9fa1836ebba3fd8171d7d742b17a5ca5ae5b7f0a9c6ead207b4740c0478ba38e7782967138d1
Static task: static1

Behavioral task: behavioral1
  Sample: jetxpvyoad.dll
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: jetxpvyoad.dll
  Resource: win10v2004-20220414-en

Behavioral task: behavioral3
  Sample: x84ltcosp61j8cbo9uy7z50zggg.exe
  Resource: win7-20220414-en

Behavioral task: behavioral4
  Sample: x84ltcosp61j8cbo9uy7z50zggg.exe
  Resource: win10v2004-20220414-en
Malware Config
(none extracted)

Targets

Target: jetxpvyoad.zid
Size: 9.2MB
MD5: 1a515d2f5cadf1adf6ef13625777f9cb
SHA1: 5633963055415e954fda91653d172084cc32af19
SHA256: 4a68f0ad3c0758aeae9675c4b62260922a0f09cdfd5721bfd25fbf12b00db614
SHA512: fafce093d869d2405b08289c7b24b8f92d7a1c8ecc5adf55d48efdbdc67c43dc8cc8855f84f60212220eac377b550e00e10e10aebbf8dd38c88764ffc5ff430c

Signatures:
  Identifies VirtualBox via ACPI registry values (likely anti-VM)
  Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  Suspicious use of NtSetInformationThreadHideFromDebugger
Target: x84ltcosp61j8cbo9uy7z50zggg
Size: 884KB
MD5: 4685811c853ceaebc991c3a8406694bf
SHA1: 9cd382eb91bfea5782dd09f589a31b47c2c2b53e
SHA256: 3242e0a736ef8ac90430a9f272ff30a81e2afc146fcb84a25c6e56e8192791e4
SHA512: a504fbca674f15d8964ebc6fac11d9431d700ca22736c00d5bb1e51551b0d2b9e4b2b6824bdf1a778111a0ba8d2601eada2f726b9ec7a9cfa5a53fd43c235b46

Score: 1/10