General
-
Target
H4T3B78I1DDXK82.zip
-
Size
9.9MB
-
Sample
220718-xcx6fsdcf5
-
MD5
d3f2f66eb8ac68cddbe59e8484397a38
-
SHA1
619bf73570f978096abf24203ccdbf797bbebe06
-
SHA256
2ccc3770e768afacc479ead684a2747f4a72d9dd1371a57f8dcfe34ec8a7f3e9
-
SHA512
f826c788610c0bcd1832bb404a962f745f2186c35d64ddffa2865718cd63e49970f2cc40aa951c98c8c8e560bf7b9fd4ac6b1b53ac11d019c230667602415be0
Behavioral task
behavioral1
Sample
pxlb0x98h40gyqlilll.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
pxlb0x98h40gyqlilll.exe
Resource
win10v2004-20220718-en
Behavioral task
behavioral3
Sample
qcinsexysb.dll
Resource
win7-20220715-en
Malware Config
Targets
-
-
Target
pxlb0x98h40gyqlilll
-
Size
884KB
-
MD5
4685811c853ceaebc991c3a8406694bf
-
SHA1
9cd382eb91bfea5782dd09f589a31b47c2c2b53e
-
SHA256
3242e0a736ef8ac90430a9f272ff30a81e2afc146fcb84a25c6e56e8192791e4
-
SHA512
a504fbca674f15d8964ebc6fac11d9431d700ca22736c00d5bb1e51551b0d2b9e4b2b6824bdf1a778111a0ba8d2601eada2f726b9ec7a9cfa5a53fd43c235b46
Score1/10 -
-
-
Target
qcinsexysb.zhv
-
Size
9.9MB
-
MD5
8f8cc66ab8a83673475e5597ab867517
-
SHA1
9d471773847057617eb35d1a5ef3d2494f0eedb2
-
SHA256
8cdbfc4afb7da7c07afa3830b0013c18fb0783d0ab04876b56a2128243b225a7
-
SHA512
ac1fc0fa07013d9b4327451720ebc36c0a0ba5124245f83df4d34b3065588f18cefd622fb01a6f77e56c22b75b91d28338537189512c7f70cf317d647ac90db4
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-