General
Target: f89a706dd15fe6f52f6f07a34f16d08f3cb4e90f63752f202c753dee4be5541a
Size: 363KB
Sample: 220906-15979saed6
MD5: 54a232738e608fcb7e4e03cdc91c1f1a
SHA1: 231998344115dededb6ba4bd5ad96d4a88aa7377
SHA256: f89a706dd15fe6f52f6f07a34f16d08f3cb4e90f63752f202c753dee4be5541a
SHA512: 9371d489eaa2da65a0e7e2c32637376703ac48415819f4d014d3b0761e30e86669a516adacde8cda3836e32e30415c20f7d69bb3eedd9101783841ed69f12df6
SSDEEP: 3072:DIrlI0W/u74xH57a1zZPQNMfM95HVDaoQcW0E5IjgQzNQKaE/jiy6G+0GzJbn:cC0sIG57aVZXM9bDlG01g2NQ9g+0GzJ
Static task: static1
Behavioral task: behavioral1
Sample: f89a706dd15fe6f52f6f07a34f16d08f3cb4e90f63752f202c753dee4be5541a.exe
Resource: win7-20220901-en
Malware Config
Targets
Target: f89a706dd15fe6f52f6f07a34f16d08f3cb4e90f63752f202c753dee4be5541a
- Modifies security service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Modifies file permissions
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext