General

Target: 046876997becdd4821468ca632da8a1cd4e9aa2f46d4c138246807b3f5aaff76
Size: 363KB
Sample: 220904-157r5shba7
MD5: 6e7a1a02cb9a385a812bae80ba0b7b38
SHA1: 66659bf0df4bfdb6660370151e506a92e823c5c9
SHA256: 046876997becdd4821468ca632da8a1cd4e9aa2f46d4c138246807b3f5aaff76
SHA512: 55600fa6ab1004edde3e0d50c32ee07b15fd1b00debbeb159346c39ed53bf5ae3340625c88baff5e4c17a258ed0a5b54ddf8666fc0268121535baa8740d6414e
SSDEEP: 6144:1C0sIG57arZX69b6M0sXMBL/OT8iosCNTw:1kv7a9X6Czp/xiow
Static task: static1
Behavioral task: behavioral1
Sample: 046876997becdd4821468ca632da8a1cd4e9aa2f46d4c138246807b3f5aaff76.exe
Resource: win7-20220901-en
Malware Config
Targets

Target: 046876997becdd4821468ca632da8a1cd4e9aa2f46d4c138246807b3f5aaff76
Size: 363KB
MD5: 6e7a1a02cb9a385a812bae80ba0b7b38
SHA1: 66659bf0df4bfdb6660370151e506a92e823c5c9
SHA256: 046876997becdd4821468ca632da8a1cd4e9aa2f46d4c138246807b3f5aaff76
SHA512: 55600fa6ab1004edde3e0d50c32ee07b15fd1b00debbeb159346c39ed53bf5ae3340625c88baff5e4c17a258ed0a5b54ddf8666fc0268121535baa8740d6414e
SSDEEP: 6144:1C0sIG57arZX69b6M0sXMBL/OT8iosCNTw:1kv7a9X6Czp/xiow
Signatures:
- Modifies security service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Modifies file permissions
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext