General
- Target: LineInst.exe.7z
- Size: 63.2MB
- Sample: 220706-jmy9lsacep
- MD5: 869859cb926165635b79d42414d4ee50
- SHA1: d1ba52158e3745811a3f564673b0cde1a512c369
- SHA256: eae05ad219796fb2a3d956c6b1b7478412ca8102dc9822ce080c02132659ac70
- SHA512: 18d40eae3c4d6c86c8037049666f0ad4f24a537b9d71ad4d0aa35944c6801ef534a9e252de9d40eae43b930eaef0f048abc0dd371bc11e5160ef3b9467b43932
Static task
- static1

Behavioral task
- behavioral1
  - Sample: LineInst.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: LineInst.exe
  - Resource: win10v2004-20220414-en
Malware Config

Targets
- Target: LineInst.exe
- Size: 63.6MB
- MD5: 9538a246a143ab3dd6102ccf67cc4479
- SHA1: 977315ff6c432b6ade557a2bd4937681a4435930
- SHA256: 029e81e6a5307da6c6675a13cdeb0d899027ced1865d219982f0c93c3b3fce63
- SHA512: f81a6c3714086a06e80a0938803bac257e617b3d2ac1f344ce61a586bf4cf5ad6772afab66a984536d32b59cd25e7e41e4dd3643447cecb8d65a2636db118afa
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger