General
-
Target
a4ee9f4729596748dec32a90e27547c0.exe.vir
-
Size
6.1MB
-
Sample
220930-sxnejadhh9
-
MD5
a4ee9f4729596748dec32a90e27547c0
-
SHA1
d8bf8f8e877babd4ee74a63a02e866b8f5e7fd6f
-
SHA256
250e065988da19ed97e3a9ea5c185059688fbe3c9c240f207dc518377ec53ef9
-
SHA512
a09a930fed406e2affdbddc725a48405032a02ef877d1c8a3fe50e9344339955b5b4511c6107e430a13e2d2cbd5c7eb636c9e729f6232c9e6f9fa9b2f3e59631
-
SSDEEP
98304:+Mu3f/jr6blqCtAZhO0oNtHjgKPUbzSTcLYUkwf8M2m51AjLrLrQ/J:+Vf/v6bl3tNXtoQcLs/M2mDAjPLA
Behavioral task
behavioral1
Sample
a4ee9f4729596748dec32a90e27547c0.exe
Resource
win7-20220812-en
Malware Config
Extracted
systembc
89.22.225.242:4193
195.2.93.22:4193
Targets
-
-
Target
a4ee9f4729596748dec32a90e27547c0.exe.vir
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-