General
Target: fdvs.exe
Size: 7.4MB
Sample: 220907-f7s2jsbbc4
MD5: 84ce5fd0128b726ac96fe36b2487f2cb
SHA1: 85d72d2107bfada76b93b87aac159434feb5655b
SHA256: 4e26769763d85b15d722bf3257809ebaf7248b6b05aaaf38312ae57617b42b4a
SHA512: b086cbf368caab100fc52cdfde092d6262512396879279fcafd925a2ba013b8f5743faa78413db336334a38fc5c86d0f5dbf4532162a53ef6364720026643dd0
SSDEEP: 196608:qs7RTqMym+7SHwnuyFAHqEs4ezo22zS9nln60R:T7Y11nu+cso2Plnv

Behavioral task
behavioral1
Sample: fdvs.exe
Resource: win7-20220812-en
Malware Config
Targets
- Target: fdvs.exe
Signatures
- Modifies security service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Modifies file permissions
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext