General
Target: aa8d83fcd7b22fad37b1c445fe44d844e9667888cc11e081b113aa02982cb631.zip
Size: 8.4MB
Sample: 220629-t15nnacgg8
MD5: e1d258508544a535936fb2c9a78d6064
SHA1: c147ef0e7741c972a9024f99e7de9d69d14b8478
SHA256: aa8d83fcd7b22fad37b1c445fe44d844e9667888cc11e081b113aa02982cb631
SHA512: 769c646b9ae5dac4375a47099a81bb3cf0809993b693ecdae7fcc0bd80d80556136b13af40e792a7b3ee01d0fddf98ec860aeca659e7ca12bb64b4a2ca575e97
Static task: static1
Behavioral task: behavioral1 (Sample: aspack.dll; Resource: win7-20220414-es)
Behavioral task: behavioral2 (Sample: aspack.dll; Resource: win10v2004-20220414-es)
Behavioral task: behavioral3 (Sample: fat-0455056058.exe; Resource: win7-20220414-es)
Behavioral task: behavioral4 (Sample: fat-0455056058.exe; Resource: win10v2004-20220414-es)
Malware Config
Targets

Target: aspack.dll
Size: 8.0MB
MD5: 7dc082e8b1d1c0bde07de2a84c9ea415
SHA1: 346a806841d0d669ff168105f111d388fb5e69a4
SHA256: 8f959360dd3f24ab27b4a371f53123568261bacb896a121c0660fd9d69dbddcf
SHA512: cecc5ffa67fb8540996c82860e97734884281272010ef213c06802627393e567d68aa4c410fdeb34ec7e47d1273cda1f8795cc8a2a546ddb4f8dcedfe44b8bb1
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: fat-0455056058.exe
Size: 557KB
MD5: e33bcdd61d70a1961df2c6d7f0c18351
SHA1: 958ff5402b7e05be694b00bb760f124b79fe0c7d
SHA256: b1aad17f65fbdb5fb75e13a00bd3b1db6e5168f8e4419e57b13fb34dc48c4ba4
SHA512: d4bb02140173417986d559b7ab96b3388478a4494ce652ac01e6a84297f86d772408aa6591ace45e75cce589298ee3a9a7864624a25a0cbd7d1ced197bd4946b
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger