General
-
Target
CodSpoofer.exe
-
Size
9.7MB
-
Sample
220626-f4ls3agffn
-
MD5
b73b703a7bad26a004520bfc2f7d9991
-
SHA1
44be69e21740f9aef70a552a9d9a1bc204238f18
-
SHA256
db68bfffa183ba56793f6ed4500ce565d89ce08ba08e4b649afe806b2e3448e8
-
SHA512
e3c36978bfaeb1692d207c48e8b62cc0ada935a3285980b254857d649491f11d06030abcda2144a2ea21be102b9e88a9fe53cca852a348c3ad03ad1bdf0364da
Static task
static1
Behavioral task
behavioral1
Sample
CodSpoofer.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
CodSpoofer.exe
-
Size
9.7MB
-
MD5
b73b703a7bad26a004520bfc2f7d9991
-
SHA1
44be69e21740f9aef70a552a9d9a1bc204238f18
-
SHA256
db68bfffa183ba56793f6ed4500ce565d89ce08ba08e4b649afe806b2e3448e8
-
SHA512
e3c36978bfaeb1692d207c48e8b62cc0ada935a3285980b254857d649491f11d06030abcda2144a2ea21be102b9e88a9fe53cca852a348c3ad03ad1bdf0364da
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-