General
- Target: 4589.zip
- Size: 7.2MB
- Sample: 220622-wflfdsaabl
- MD5: 74e7ab0f929de2ea20bbee139d4266aa
- SHA1: 8b3972f4fbb536e2d9a3140bc005946dab6a06d2
- SHA256: 6776efe2216dd81f0794d507b7cbd3c3f6b6b34406b1eb3cda6b34d724c90e38
- SHA512: 709c3280a1071bc29b26d0e8b14ade9127ff1e99f17a6527ab92ffe9aed6fe8de6ad0d9b8c5c7ba492e2f2abeb73d43654769b81e51030f1278d6f4457493f3b
Static task
- static1

Behavioral tasks
- behavioral1
  - Sample: 4589.zip
  - Resource: win7-20220414-en
- behavioral2
  - Sample: 4589.zip
  - Resource: win10v2004-20220414-en
- behavioral3
  - Sample: kdrkdk41du1eb4ap8iwo2rb59ggg.exe
  - Resource: win7-20220414-en
- behavioral4
  - Sample: kdrkdk41du1eb4ap8iwo2rb59ggg.exe
  - Resource: win10v2004-20220414-en
- behavioral5
  - Sample: zbyrtzciif.dll
  - Resource: win7-20220414-en
Malware Config

Targets
- Target: 4589.zip
  - Size: 7.2MB
  - MD5: 74e7ab0f929de2ea20bbee139d4266aa
  - SHA1: 8b3972f4fbb536e2d9a3140bc005946dab6a06d2
  - SHA256: 6776efe2216dd81f0794d507b7cbd3c3f6b6b34406b1eb3cda6b34d724c90e38
  - SHA512: 709c3280a1071bc29b26d0e8b14ade9127ff1e99f17a6527ab92ffe9aed6fe8de6ad0d9b8c5c7ba492e2f2abeb73d43654769b81e51030f1278d6f4457493f3b
  - Score: 1/10
- Target: kdrkdk41du1eb4ap8iwo2rb59ggg
  - Size: 884KB
  - MD5: 4685811c853ceaebc991c3a8406694bf
  - SHA1: 9cd382eb91bfea5782dd09f589a31b47c2c2b53e
  - SHA256: 3242e0a736ef8ac90430a9f272ff30a81e2afc146fcb84a25c6e56e8192791e4
  - SHA512: a504fbca674f15d8964ebc6fac11d9431d700ca22736c00d5bb1e51551b0d2b9e4b2b6824bdf1a778111a0ba8d2601eada2f726b9ec7a9cfa5a53fd43c235b46
  - Score: 1/10
- Target: zbyrtzciif.nqu
  - Size: 7.0MB
  - MD5: e542f38011cc165154b3178db74032cb
  - SHA1: e09fc2c03003e84790be3a17b97fa2e90f08e2e9
  - SHA256: 5019200109e04421b1097f6426450551e215c1b83f759a79fb4373e33d3d1002
  - SHA512: 4911dc7e2233a1b2033801b222e674cf0c22915bdc1445059c12f52281df81c67b2f7009e3c8f048ca9131dbf608595467c5e20095844e66d985356410eb7ccf
  - Signatures:
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    - Suspicious use of NtSetInformationThreadHideFromDebugger