General
-
Target
avionic
-
Size
7.2MB
-
Sample
220712-ha6x9afaar
-
MD5
a31b64e450ae6f70eac9971d0892ec26
-
SHA1
f4f220081af4ee0616fe03609bcfa602ead93f7f
-
SHA256
0c3c48fcbb51c1d1b2d3d49e33e1f9197bcb075cf0dedba27b7e7e0d47b93550
-
SHA512
571e436d65ad31bfaeb8673bb89337ba8e1cd74842fb28ab6e56654af4af311d9ad15941959297d4e1a86c3614b73939458a7bab3cc3062f9bbf97debe9ce072
Static task
static1
Behavioral task
behavioral1
Sample
iebwvjjvih.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
iebwvjjvih.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
w0jccd7ax4205ru6qggg.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
w0jccd7ax4205ru6qggg.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Target
iebwvjjvih.exx
-
Size
10.6MB
-
MD5
825bf79bf5ea0fc0bd1ec248d247647d
-
SHA1
01183ae1bfc3cf4c43312b45b8de227e949dee32
-
SHA256
78f5872d9cee1fdebd7700529958935ae07e7ee79872ff169601fad5964e1efe
-
SHA512
70be186a258ae6429c20398f981bec4695ae9a595ac7c11c41b9e4d335cd1453e7beddbf4e291ac91d9d119427b474c8db4d481d935399b28e1780161ab7dfbf
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Target
w0jccd7ax4205ru6qggg
-
Size
884KB
-
MD5
4685811c853ceaebc991c3a8406694bf
-
SHA1
9cd382eb91bfea5782dd09f589a31b47c2c2b53e
-
SHA256
3242e0a736ef8ac90430a9f272ff30a81e2afc146fcb84a25c6e56e8192791e4
-
SHA512
a504fbca674f15d8964ebc6fac11d9431d700ca22736c00d5bb1e51551b0d2b9e4b2b6824bdf1a778111a0ba8d2601eada2f726b9ec7a9cfa5a53fd43c235b46
Score
1/10