General
-
Target
modest-menu_v0.9.3_[kiddionsmodmenu.com] (1).zip
-
Size
11.5MB
-
Sample
220706-1cnhsshcgm
-
MD5
e00d12c8a5912b4cd4e8e399a0963d01
-
SHA1
3fae4d4d7198d91477362d48ee3500eaebb9c511
-
SHA256
bdb3617b937c03e6ad1ea0ec30383dd9a36d8daebcacd87b7d3529cced9c741f
-
SHA512
a3ad23babb03d4ca0ea49dab990a1d3a0ad6add93de22d4122de82eef394f698b86441d6bd91c0c5e6eed0f3d5b8ee571958e7fb4cd47dbabd987fefb046eaf6
Static task
static1
Behavioral task
behavioral1
Sample
modest-menu_v0.9.3/modest-menu.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
modest-menu_v0.9.3/modest-menu.exe
Resource
win10-20220414-en
Malware Config
Targets
-
-
Target
modest-menu_v0.9.3/modest-menu.exe
-
Size
11.5MB
-
MD5
3930ab52a2e6f4b0b371421cd3e509b9
-
SHA1
907013d0f905adc305caf0251c164db528eb596e
-
SHA256
71296bb15128fe1039a0566b746afaee20092fd8b575322536ec97725a9da9cd
-
SHA512
a6d8ed3dc52422b0f486e6ea4f87a414461ec0a04dc5257bdc7341362b4f141331f1eac5b5ce52c6c532450b188e87383944808153134a2e144660b5cfd9130e
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-