General
-
Target
49255a7e201aebbd0dfd7e9384ada9d184f2fcdacbb054a897be53833b8a2f47
-
Size
2.1MB
-
Sample
220625-cv9a8acgh7
-
MD5
983654c42c7dbcfe606794d50dd06ace
-
SHA1
da0da07d82a7faee3d2d5b045b0eeb9b7d7aa855
-
SHA256
49255a7e201aebbd0dfd7e9384ada9d184f2fcdacbb054a897be53833b8a2f47
-
SHA512
b397ba21a2bbb927aebcff171e8445a6a1002d401860d6817ea11bd6e4521742293607799ba6a7394d974542eeb43769e969fc64b1ec7b84600ac48d7e504e97
Static task
static1
Behavioral task
behavioral1
Sample
49255a7e201aebbd0dfd7e9384ada9d184f2fcdacbb054a897be53833b8a2f47.exe
Resource
win7-20220414-en
Malware Config
Extracted
oski
sailent.xyz
Targets
-
-
Target
49255a7e201aebbd0dfd7e9384ada9d184f2fcdacbb054a897be53833b8a2f47
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger