General
Target: ff25cf462593a1d1dc8dd6b97dba4f27056b3b10744caf8e6750abe5f4dff953
Size: 2.0MB
Sample: 220725-cqdzhsagek
MD5: 93a90a2cc363ad8f332afcfeeccbb2ce
SHA1: 6d42c6db5512175748910d6911acf3a8f5c75409
SHA256: ff25cf462593a1d1dc8dd6b97dba4f27056b3b10744caf8e6750abe5f4dff953
SHA512: 5bffb70dd025463b3235245b9edd00323fcc40d4f521a97643dfa0c1bcc3c8f9bebb292de33af7c6c47c767a673f9020be745d2e2454b331412990d39f1f6deb
Static task: static1
Behavioral task: behavioral1
Sample: ff25cf462593a1d1dc8dd6b97dba4f27056b3b10744caf8e6750abe5f4dff953.exe
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: ff25cf462593a1d1dc8dd6b97dba4f27056b3b10744caf8e6750abe5f4dff953.exe
Resource: win10v2004-20220721-en
Malware Config
Targets
Target: ff25cf462593a1d1dc8dd6b97dba4f27056b3b10744caf8e6750abe5f4dff953 (2.0MB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
- suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger