General

Target: homyel.exe
Size: 2.8MB
Sample: 220704-ry5jrsbgh4
MD5: 8d83e980468557de9b7e71f7d972541b
SHA1: 55a4226f5308ea659c68b61686af10398344de77
SHA256: ab406a77d2072ede4e117eaaaff8ed953a70f999044dc4beeac69a98853e8c9e
SHA512: ef2e404028c6e8239ad9f67b449c7546c96c6a918e9bcc3427574d809a3e4f9f7ea9e79b3a7584aa176b84e07934600c1b1cd1fbb25581788f3de15144cfe981

Static task: static1

Behavioral task: behavioral1
Sample: homyel.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: homyel.exe
Resource: win10v2004-20220414-en
Malware Config

None listed for this sample.

Targets

Target: homyel.exe (2.8MB; hashes as in General above)
Score: 9/10

Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file (persistence via a Startup folder)
- Loads dropped DLL
- Adds Run key to start application (persistence via a CurrentVersion\Run key)
- Suspicious use of NtSetInformationThreadHideFromDebugger (NtSetInformationThread called with the ThreadHideFromDebugger information class, an anti-debugging technique: the thread stops delivering debug events to an attached debugger)
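To make the signatures above concrete, here is a small re-implementation of five of them run over constructed host-monitor events. This is an added example for this page, not Hatching Triage's own signature code, and the events are made up to resemble the behaviour the report lists. The report names the behaviours but not the registry paths its signatures match, so the paths used here (HARDWARE\DESCRIPTION\System BIOS values, HARDWARE\ACPI\*\VBOX__, the CurrentVersion\Run keys, the Start Menu Startup folder) and the ThreadHideFromDebugger class value are assumptions based on how these checks are commonly written.

```python
"""Re-implementation of five of the report's signatures over constructed
host-monitor events. Added example; not Hatching Triage code.

Assumptions (the report does not list them): the registry paths, the
Startup-folder path and the THREADINFOCLASS value below."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One monitored operation. Constructed record format, not a sandbox log."""
    pid: int
    op: str          # RegQueryValue | RegOpenKey | RegSetValue | FileCreate | NtSetInformationThread
    path: str        # registry key (without value name) or file path
    value: str = ""  # registry value name, if any
    arg: int = 0     # syscall argument (THREADINFOCLASS for NtSetInformationThread)


# Assumed paths and constants (see module docstring).
HIVE_RE = re.compile(
    r"^(?:\\registry\\(?:machine|user)|hkey_local_machine|hklm|"
    r"hkey_current_user|hkcu|hkey_users|hku)\\", re.I)
SID_RE = re.compile(r"^s-1-\d[^\\]*\\")
BIOS_KEY = r"hardware\description\system"
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}
VBOX_ACPI_RE = re.compile(r"^hardware\\acpi\\(?:dsdt|fadt|rsdt)\\vbox__")
RUN_KEY_RE = re.compile(r"^software\\microsoft\\windows\\currentversion\\run(?:once)?$")
STARTUP_DIR_RE = re.compile(r"\\start menu\\programs\\startup\\")
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger


def normalize_key(path: str) -> str:
    """Lower-case a registry path and strip the hive prefix and any user SID."""
    key = HIVE_RE.sub("", path.lower())
    return SID_RE.sub("", key)


def is_bios_check(ev: Event, key: str) -> bool:
    return ev.op == "RegQueryValue" and key == BIOS_KEY and ev.value.lower() in BIOS_VALUES


def is_vbox_acpi(ev: Event, key: str) -> bool:
    return ev.op in ("RegOpenKey", "RegQueryValue") and VBOX_ACPI_RE.search(key) is not None


def is_run_key(ev: Event, key: str) -> bool:
    return ev.op == "RegSetValue" and RUN_KEY_RE.match(key) is not None


def is_startup_drop(ev: Event, key: str) -> bool:
    return ev.op == "FileCreate" and STARTUP_DIR_RE.search(key) is not None


def is_hide_from_debugger(ev: Event, key: str) -> bool:
    return ev.op == "NtSetInformationThread" and ev.arg == THREAD_HIDE_FROM_DEBUGGER


SIGNATURES = {
    "Checks BIOS information in registry": is_bios_check,
    "Identifies VirtualBox via ACPI registry values": is_vbox_acpi,
    "Adds Run key to start application": is_run_key,
    "Drops startup file": is_startup_drop,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": is_hide_from_debugger,
}


def scan(events):
    """Map each matched signature name to the events that triggered it."""
    hits = {}
    for ev in events:
        key = normalize_key(ev.path) if ev.op.startswith("Reg") else ev.path.lower()
        for name, check in SIGNATURES.items():
            if check(ev, key):
                hits.setdefault(name, []).append(ev)
    return hits


# Constructed events in the shape the report's signatures describe.
SAMPLE_EVENTS = [
    Event(1234, "RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    Event(1234, "RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    Event(1234, "RegOpenKey", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    Event(1234, "NtSetInformationThread", "", arg=0x11),
    Event(1234, "FileCreate", r"C:\Users\user\AppData\Local\Temp\homyel.exe"),  # drop, no signature
    Event(5678, "RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "homyel"),
    Event(5678, "FileCreate", r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\homyel.lnk"),
    Event(5678, "RegQueryValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "ShellState"),  # benign
]

if __name__ == "__main__":
    for name, evs in scan(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evs)} event(s), pids {sorted({e.pid for e in evs})}")
```

Each check keys off the operation type as well as the path, so a benign read under Explorer or a plain drop into %TEMP% (the "Executes dropped EXE" and "Loads dropped DLL" signatures need process-creation and image-load events, which this record format does not carry) produces no hit.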