General
Target: ativarmodulobanest.zip
Size: 8.4MB
Sample: 220708-larecadbb5
MD5: 06d62a649048a231bccc7a02d17616d1
SHA1: 58e4d97210cfd0d79b1658964834fe2c55b24f0a
SHA256: fad182e497a70f73d1f79f08e98f2d4d81c043a7c9fd95204e7a266bceddf287
SHA512: c782a85e5790a1b03a37f6e30c263ae7206a516602df22fce64c0b1e3bcaad9b64b72b25dfbcb6fca1570709558de2ffdc914cced9cd19d1adda6f0493450dfb

Static task
static1

Behavioral task
behavioral1
Sample: aspack.dll
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: aspack.dll
Resource: win10v2004-20220414-en

Behavioral task
behavioral3
Sample: ativarmodulobanest.exe
Resource: win7-20220414-en

Behavioral task
behavioral4
Sample: ativarmodulobanest.exe
Resource: win10v2004-20220414-en

Malware Config

Targets

Target: aspack.dll
Size: 8.1MB
MD5: 1f168d3537686da20347b7eff489b0e8
SHA1: f8aa5b2fd542e20aaabd12ec2cded5fee3c66dfc
SHA256: d18b87265e2ed41cfb4f725b3ee23c82aadfc4c3e701351a1a60f26486b920ff
SHA512: e0be5c5c16203ea95eec7b673a0cea6a501b00a0cfdf84e45e39e66ccfccf5fb1489e4cb7434b07061dff00d3a701c64abb8e07ad20c9d88523117da0b0810f9
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: ativarmodulobanest.exe
Size: 557KB
MD5: e33bcdd61d70a1961df2c6d7f0c18351
SHA1: 958ff5402b7e05be694b00bb760f124b79fe0c7d
SHA256: b1aad17f65fbdb5fb75e13a00bd3b1db6e5168f8e4419e57b13fb34dc48c4ba4
SHA512: d4bb02140173417986d559b7ab96b3388478a4494ce652ac01e6a84297f86d772408aa6591ace45e75cce589298ee3a9a7864624a25a0cbd7d1ced197bd4946b
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger