General
-
Target
lunacy.rar
-
Size
4.0MB
-
Sample
220820-a5ylcscffn
-
MD5
7e83e3e35678b22ae36e3c9550626166
-
SHA1
6c186c610fc9b2b1ceff183d96afef375950308a
-
SHA256
6de7a27a8e73d973c75b7a76df0cb88d0520d7be8cbfd53665cccc0e0440705b
-
SHA512
dbba7aaa503782216b55c9a41848bd0cf5a8a7bdbc9adedd30ddbb052a20c71df6b213f90faf12525727883806dd35a603d1623a57f06b5a3a866c6bc97414d0
-
SSDEEP
98304:fQngROv4r/zO/r5kxhWwe53k1PVxjZyU4oXKp46EC40fhDi+A:fo2w9/lkXla0hZybp4600D5A
Behavioral task
behavioral1
Sample
lunacy.exe
Resource
win7-20220812-en
Malware Config
Targets
-
Target
lunacy.exe
-
Size
4.0MB
-
MD5
1d69ae7492297f604e9dd12e2d072633
-
SHA1
d96138e0875854bb1e43831f8db5d3f4088e0482
-
SHA256
5a9a249137512f20f877391e86dd058c440c67aec98116624f8b73a99bb23197
-
SHA512
36e539d7c007b5b3fa64a3aefa00396dd596d752f44090ed7d1df4b163747fcbc50065fafc91e5bce14b8fb4a6c2753853c2f372517632e5a3fcacc7975ff1a8
-
SSDEEP
49152:SSC6SaKXMvRbDt/Za3CUQOOFkDobTgV03SXPq2H6JollAcT1+PqfSuPyFQW+ZKUR:jsPlgSs80332H6JLSSESQW+ZF2EpV98w
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger