General
Target: CloudWare.exe
Size: 4.4MB
Sample: 221003-h97c3adbf8
MD5: 05c3c77aaa506ab0c4e3843753c7ede4
SHA1: 5b067f0b0d97a7a7f617f89b043209c09157fe32
SHA256: fc25988009a922636bbff1bae10c81bd29a9cc5dec7c731d6eae2c26b7fbd2e0
SHA512: 520bc2d0fa5ecdd86eaba7a159840c7cd8eaf668d950c68bb3f88029d173f6afe04cc839dc36e0f30902f989f86b4e32d7b60d045c674c34dc5df5574e03caff
SSDEEP: 98304:KQGyk/JdYF4ZtmD4fiKzSCrQtaIoZ4SbxJsm0E42RjolX4wGtS7UQ:KQfkhdYaZq4fRSGQAIqFd0c2lbT7H
Behavioral task
behavioral1
Sample: CloudWare.exe
Resource: win7-20220812-en
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger