General

Target: d2893dc91636ece225e8b561e13064424e36114966b1e64a98660589226799f8.zip
Size: 58KB
Sample: 220910-w9w4zsaeb5
MD5: 2d794191c90bc88628d471e99d15fa28
SHA1: 695f517c2ff5087bddba79bea719ef746198eabe
SHA256: 0cb1195f577217350b7f9c46f26a3ba1f96e27a48b987aa7951e262e9524c011
SHA512: 0c35df7f455b6b20425e90e0d4acf1c57209b8207465eab623c71f4d0d573d9e223c55cc0efc7d34a955f6a672f5c563b25ae8e58fd255abedcce91df0ba200e
SSDEEP: 1536:Q/x219qrrFDNh9Ae2EOMiITs60ZF05nz1ww38i:uxU9cV7C60Z+zRH

The hashes above are those of the submitted archive; the archive is named after the SHA256 of the executable it contains (see Targets below), so the two SHA256 values differ.

Static task: static1
Behavioral task: behavioral1
Sample: d2893dc91636ece225e8b561e13064424e36114966b1e64a98660589226799f8.exe
Resource: win7-20220812-en
Malware Config
Targets

Target: d2893dc91636ece225e8b561e13064424e36114966b1e64a98660589226799f8
Size: 116KB
MD5: 7b5d3626aa3a0f09acf476d11f4ea1f6
SHA1: a9d58d4c8bc666699f14cd81cf098e871619434e
SHA256: d2893dc91636ece225e8b561e13064424e36114966b1e64a98660589226799f8
SHA512: 0f580ce34d3051c5d8a646101e4ee28d8825c17e60697d8f7792f639661bd34f65a6b69efdbccec907b08454e93dd5c390ff081c30a503efd2e9aa2a0ffb871b
SSDEEP: 1536:vmpMxq1J9Nda2yCyje83YY9Yrt9A5bXXRKUsWqfd09dlhJSqj:Txq1rN5fyn3Tirt9WDB01MHJSq
Signatures
- Modifies security service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Modifies file permissions
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class hides the calling thread from an attached debugger, a common anti-debugging technique.
- Suspicious use of SetThreadContext
  Rewriting another thread's context (including its instruction pointer) is commonly used for process injection or process hollowing.
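The four registry-based evasion signatures above (VirtualBox ACPI tables, BIOS strings, Wine keys, the Geo\Nation country code) are all visible as registry reads in a process-monitor trace, so they can be hunted for outside the sandbox. The following is an added example, not code from the sandbox vendor or from the sample: it classifies registry accesses against the key paths these signature names conventionally refer to (the report itself does not list the exact keys the sample touched, so that mapping is an assumption) and flags processes that probe several distinct indicators. The tab-separated log format and every log line are constructed for the demo.

```python
"""Flag anti-VM, anti-sandbox and geofence registry probes in a process-monitor log.

Added example, not code from the sandbox vendor or the analysed sample. The
registry paths below are the locations the listed signatures (VirtualBox ACPI
tables, BIOS strings, Wine keys, Geo\\Nation) conventionally check; the log
format and all log lines are constructed.
"""
import re
from collections import defaultdict
from typing import Dict, Optional, Set, Tuple

# Normalised (HKLM/HKCU) key paths, matched case-insensitively as whole
# key-path prefixes, grouped by what a hit tells the analyst.
INDICATORS = {
    "anti-vm:virtualbox-acpi": [
        r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
        r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
        r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
    ],
    "anti-sandbox:bios": [
        r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
        r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
        r"HKLM\HARDWARE\DESCRIPTION\System\BIOS",
    ],
    "anti-sandbox:wine": [r"HKCU\Software\Wine", r"HKLM\Software\Wine"],
    "geofence:nation": [r"HKCU\Control Panel\International\Geo\Nation"],
}

# Native-format user hive path: \REGISTRY\USER\<SID>\...
_USER_HIVE = re.compile(r"\\registry\\user\\s-[\d-]+\\(.*)", re.IGNORECASE)


def normalize(path: str) -> str:
    """Map the hive spellings used by different tools onto HKLM\\... / HKCU\\..."""
    p = path.strip()
    low = p.lower()
    if low.startswith("hkey_local_machine\\"):
        return "HKLM\\" + p[len("hkey_local_machine\\"):]
    if low.startswith("hkey_current_user\\"):
        return "HKCU\\" + p[len("hkey_current_user\\"):]
    if low.startswith("\\registry\\machine\\"):
        return "HKLM\\" + p[len("\\registry\\machine\\"):]
    m = _USER_HIVE.match(p)
    if m:
        return "HKCU\\" + m.group(1)
    return p


def classify_path(path: str) -> Optional[str]:
    """Return the indicator category for a registry path, or None."""
    norm = normalize(path).lower()
    for category, prefixes in INDICATORS.items():
        for prefix in prefixes:
            pl = prefix.lower()
            # Whole-component match so HKCU\Software\Winery is not counted as Wine.
            if norm == pl or norm.startswith(pl + "\\"):
                return category
    return None


def scan(log_text: str) -> Dict[Tuple[int, str], Set[str]]:
    """Collect indicator categories per (pid, image) from tab-separated lines:
    time, image, pid, operation, registry path, result."""
    hits: Dict[Tuple[int, str], Set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6:
            continue  # blank or malformed line
        _ts, image, pid, op, path, _result = fields
        if not op.lower().startswith("reg"):
            continue
        category = classify_path(path)
        if category:
            hits[(int(pid), image)].add(category)
    return dict(hits)


def suspicious_processes(hits, min_categories: int = 2):
    """Processes probing at least `min_categories` distinct indicators. A lone
    BIOS read is normal for system processes; several kinds together are not."""
    return sorted(
        (pid, image, sorted(cats))
        for (pid, image), cats in hits.items()
        if len(cats) >= min_categories
    )


# Constructed log excerpt (not from the report). "sample.exe" stands in for the
# analysed binary; explorer.exe and svchost.exe provide benign noise.
SAMPLE_LOG = (
    "12:00:01.001\tsample.exe\t1234\tRegOpenKey\tHKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__\tNAME NOT FOUND\n"
    "12:00:01.002\tsample.exe\t1234\tRegQueryValue\tHKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion\tSUCCESS\n"
    "12:00:01.003\tsample.exe\t1234\tRegOpenKey\tHKEY_CURRENT_USER\\Software\\Wine\tNAME NOT FOUND\n"
    "12:00:01.004\tsample.exe\t1234\tRegQueryValue\t\\REGISTRY\\USER\\S-1-5-21-1\\Control Panel\\International\\Geo\\Nation\tSUCCESS\n"
    "12:00:02.000\texplorer.exe\t800\tRegQueryValue\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden\tSUCCESS\n"
    "12:00:02.500\tsvchost.exe\t900\tRegQueryValue\tHKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion\tSUCCESS\n"
)

if __name__ == "__main__":
    for pid, image, cats in suspicious_processes(scan(SAMPLE_LOG)):
        print(f"{image} (pid {pid}): {', '.join(cats)}")
```

Run against the constructed log, only sample.exe is reported, with all four categories; svchost.exe's single BIOS read stays below the threshold. The threshold is deliberately on distinct categories rather than raw hit counts, because a legitimate process may query one of these keys repeatedly while almost none have reason to touch VirtualBox ACPI tables, Wine keys and the BIOS strings in the same run.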