General
Target: 77c3107fbeb08e09ebb0ef9da00e8a2f0ec51f40934df44ed24f965191c9011f
Size: 2.6MB
Sample: 220701-dndfmsbdb6
MD5: df8ab716bb924036201db252dcfe5d21
SHA1: a511c8dd8c615fb485d58fb98746a18b95181412
SHA256: 77c3107fbeb08e09ebb0ef9da00e8a2f0ec51f40934df44ed24f965191c9011f
SHA512: 40b1b819135abe218f5a5759a6d3f57309f1a10de514eee554459f6c31e8d12550c1d9c1909cdcc727769b1cc2ba7cff683e8016aba618ec0258ba820d6f8a8e
Static task: static1
Behavioral task: behavioral1
Sample: 77c3107fbeb08e09ebb0ef9da00e8a2f0ec51f40934df44ed24f965191c9011f.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: 77c3107fbeb08e09ebb0ef9da00e8a2f0ec51f40934df44ed24f965191c9011f
KPOT Core Executable

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Deletes itself

Suspicious use of NtSetInformationThreadHideFromDebugger