General
Target: 401820b4dccc59b2d201143456aa3cd68c6baf3a64d9486838226884d5b95353
Size: 2.9MB
Sample: 220708-z927sahefm
MD5: 3f36796fa139f6d5011418bfad4bf706
SHA1: 28a74adbc61b00135dfb97026d5d14bc6e02640e
SHA256: 401820b4dccc59b2d201143456aa3cd68c6baf3a64d9486838226884d5b95353
SHA512: f21d94dbeabf9dce4f30a145dc39b3890beb63d7e399ffe27d3d07606ac881e769397d5ef78b6d94c8ec4ae564e4a3ddf71c9e875872e4eb0dc5c0753d65cad2
Static task: static1
Behavioral task: behavioral1
Sample: 401820b4dccc59b2d201143456aa3cd68c6baf3a64d9486838226884d5b95353.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: 401820b4dccc59b2d201143456aa3cd68c6baf3a64d9486838226884d5b95353 (2.9MB; hashes as listed under General)
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM). If the check succeeds the sample may change or stop its behaviour, so a run on VirtualBox may not show everything it can do.
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence; a run in a VM whose configured region does not match the intended target may terminate early or take a different branch.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger. NtSetInformationThread with the ThreadHideFromDebugger class is an anti-debugging call: the calling thread stops delivering debug events to any attached debugger.
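As an added example, not part of this report and not the sandbox's own signature code, the Python below replays a constructed, tab-separated event log against checks modelled on the signatures listed above. The event format, the log lines, and the registry paths (VirtualBox ACPI table names under HARDWARE\ACPI, the SystemBiosVersion family under HARDWARE\DESCRIPTION\System, and Control Panel\International\Geo\Nation) are assumptions for illustration; the report names only the techniques, not the exact keys this sample read. The ThreadInformationClass value 0x11 for ThreadHideFromDebugger is the documented constant.

```python
"""Replay sandbox-style events against anti-analysis signature checks.

The event log, its format and the registry paths matched here are
constructed for this example; they are not taken from the report.
"""
import re

# Illustrative registry locations (assumed, not from the report).
VBOX_ACPI = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_INFO = re.compile(
    r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$",
    re.I,
)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)

# Documented ThreadInformationClass value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed event log: kind <TAB> object <TAB> key=value [<TAB> key=value ...]
SAMPLE_EVENTS = """\
reg_read\t\\REGISTRY\\MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__
reg_read\t\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
reg_read\t\\REGISTRY\\USER\\S-1-5-21-1000\\Control Panel\\International\\Geo\\Nation
api\tNtSetInformationThread\tThreadInformationClass=0x0
api\tNtSetInformationThread\tThreadInformationClass=0x11
net_recv\thttp://example.invalid/upd.exe\tbody_head=4d5a9000
file_write\tC:\\Users\\Admin\\AppData\\Local\\Temp\\upd.exe\thead=4d5a9000
api\tCreateProcessW\tlpApplicationName=C:\\Users\\Admin\\AppData\\Local\\Temp\\upd.exe
file_write\tC:\\Users\\Admin\\AppData\\Local\\Temp\\helper.dll\thead=4d5a9000
api\tLoadLibraryW\tlpLibFileName=C:\\Users\\Admin\\AppData\\Local\\Temp\\helper.dll
"""


def parse_events(text):
    """Turn the tab-separated log into (kind, object, args) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        args = {}
        for field in parts[2:]:
            key, sep, value = field.partition("=")
            if sep:
                args[key] = value
        events.append((parts[0], parts[1], args))
    return events


def match_signatures(events):
    """Return the sorted names of signatures that fire on the event stream.

    Dropped-file signatures correlate across events: a file is 'dropped'
    once this process writes it with an MZ header, and later execution or
    loading of that exact path fires the signature.
    """
    hits = set()
    dropped = set()
    for kind, obj, args in events:
        if kind == "reg_read":
            if VBOX_ACPI.search(obj):
                hits.add("Identifies VirtualBox via ACPI registry values")
            elif BIOS_INFO.search(obj):
                hits.add("Checks BIOS information in registry")
            elif GEO_NATION.search(obj):
                hits.add("Checks computer location settings")
        elif kind == "net_recv":
            if args.get("body_head", "").lower().startswith("4d5a"):
                hits.add("Downloads MZ/PE file")
        elif kind == "file_write":
            if args.get("head", "").lower().startswith("4d5a"):
                dropped.add(obj.lower())
        elif kind == "api":
            if obj == "NtSetInformationThread":
                # Only the ThreadHideFromDebugger class is suspicious;
                # other classes (priority, affinity, ...) are routine.
                cls = int(args.get("ThreadInformationClass", "-1"), 0)
                if cls == THREAD_HIDE_FROM_DEBUGGER:
                    hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
            elif obj.startswith("CreateProcess"):
                target = args.get("lpApplicationName") or args.get("lpCommandLine", "")
                if target.lower() in dropped:
                    hits.add("Executes dropped EXE")
            elif obj.startswith("LoadLibrary"):
                if args.get("lpLibFileName", "").lower() in dropped:
                    hits.add("Loads dropped DLL")
    return sorted(hits)


if __name__ == "__main__":
    for name in match_signatures(parse_events(SAMPLE_EVENTS)):
        print(name)
```

The two NtSetInformationThread lines show why the signature keys on the information class rather than on the API name alone: the call with class 0x0 is benign and must not fire. Likewise "Executes dropped EXE" and "Loads dropped DLL" only fire for paths the process itself wrote with an MZ header, which is what separates a dropped payload from any other binary the process happens to start or load.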