General
-
Target
6cc29cdedf05f72a8d76db224f5f2e52dc97a1167d09534ae2efc3e7d4480263
-
Size
1.6MB
-
Sample
220720-erznqabff4
-
MD5
360928b5a21ce5408ef820d177082383
-
SHA1
073a039904bfd45bc756eadfcc586307f3c4bccc
-
SHA256
6cc29cdedf05f72a8d76db224f5f2e52dc97a1167d09534ae2efc3e7d4480263
-
SHA512
27b6b36b28c05f31ac70a1ca0c9392b143a27d2d2887a2ef2f10f4014fe8e98877fb18a66d9b7beb382febe50bec566f05d8c47b171d8686d561d1c594f2b150
Behavioral task
behavioral1
Sample
6cc29cdedf05f72a8d76db224f5f2e52dc97a1167d09534ae2efc3e7d4480263.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
6cc29cdedf05f72a8d76db224f5f2e52dc97a1167d09534ae2efc3e7d4480263.exe
Resource
win10-20220414-en
Malware Config
Targets
-
-
Target
6cc29cdedf05f72a8d76db224f5f2e52dc97a1167d09534ae2efc3e7d4480263
-
Size
1.6MB
-
MD5
360928b5a21ce5408ef820d177082383
-
SHA1
073a039904bfd45bc756eadfcc586307f3c4bccc
-
SHA256
6cc29cdedf05f72a8d76db224f5f2e52dc97a1167d09534ae2efc3e7d4480263
-
SHA512
27b6b36b28c05f31ac70a1ca0c9392b143a27d2d2887a2ef2f10f4014fe8e98877fb18a66d9b7beb382febe50bec566f05d8c47b171d8686d561d1c594f2b150
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-