General
-
Target
0x0004000000000737-135.dat
-
Size
2.7MB
-
Sample
220706-wn87eshha5
-
MD5
2e1b5bd5993ed556f63c440064f6680e
-
SHA1
09569ebfbdc6c8467230c63c2c2bb49ae3357880
-
SHA256
00bd9c8c6e890b516f64cffae9a7a4602969fc22e8fbd0b412003c239ff3612a
-
SHA512
abf9ce14be0e8bdfe3d2c07c2b94817ec4740e2d29c02a0de4def2a3265f610fc3de1ff289872aea175de0f2ab36213db7a0edba71dad210851a5c9f8ed7c8cc
Static task
static1
Behavioral task
behavioral1
Sample
0x0004000000000737-135.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0x0004000000000737-135.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
0x0004000000000737-135.dat
-
Size
2.7MB
-
MD5
2e1b5bd5993ed556f63c440064f6680e
-
SHA1
09569ebfbdc6c8467230c63c2c2bb49ae3357880
-
SHA256
00bd9c8c6e890b516f64cffae9a7a4602969fc22e8fbd0b412003c239ff3612a
-
SHA512
abf9ce14be0e8bdfe3d2c07c2b94817ec4740e2d29c02a0de4def2a3265f610fc3de1ff289872aea175de0f2ab36213db7a0edba71dad210851a5c9f8ed7c8cc
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-