General
Target: 1b0618f7b76c11e03742a5750a00a295aeb8986f59ebb34cbff09a7aa8663328
Size: 690.6MB
Sample: 221105-edv4daddf6
MD5: d510769622b55bdbb6d1a254807ff5f0
SHA1: a7c1a0b325bbc7afcf3fcb26fe775e3210f6f2f9
SHA256: 1b0618f7b76c11e03742a5750a00a295aeb8986f59ebb34cbff09a7aa8663328
SHA512: 3027401c1adf9fc20168a259f878414c99429076c5625607026c9630eff0ecc20e271ac46f36f26b267ace42dca5bb45601c754f15276ffc935bfbe534b8db74
SSDEEP: 98304:wxMrLzvnxGmEIAG2GX0Hj0JUGg8Jm0nayOuaC/QbSFMKR7fW7yJjr:wxM7xtftEAJFFn2un5d7faSr
Behavioral task: behavioral1
Sample: 1b0618f7b76c11e03742a5750a00a295aeb8986f59ebb34cbff09a7aa8663328.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 1b0618f7b76c11e03742a5750a00a295aeb8986f59ebb34cbff09a7aa8663328.exe
Resource: win10-20220812-en
Malware Config
Extracted family: systembc
C2:
- 185.209.30.138:4127
- 192.168.1.149:4127

Note that 192.168.1.149 is an RFC 1918 private address. It cannot be reached from the sandbox or blocked at a perimeter, so it is not a usable network indicator; only 185.209.30.138:4127 is actionable as an external C2. Both entries use the same port, 4127.
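Turning the extracted config above into something a network team can act on means separating routable C2 endpoints from private or unparseable ones. The following Python is an added example written for this page, not code from the sandbox or from the sample; the two entries are the ones listed above, the Suricata rule skeleton and the `sid` values are placeholders chosen here, and `triage_c2`, `is_routable` and `suricata_rules` are names invented for the example.

```python
import ipaddress
import re

# The two C2 entries extracted from this sample's config (from the report above).
EXTRACTED_C2 = [
    "185.209.30.138:4127",
    "192.168.1.149:4127",
]

_ENDPOINT_RE = re.compile(r"^(?P<host>[^:\s]+):(?P<port>\d{1,5})$")


def parse_endpoint(entry):
    """Split 'host:port' into (host, port); reject malformed entries."""
    m = _ENDPOINT_RE.match(entry.strip())
    if not m:
        raise ValueError(f"malformed endpoint: {entry!r}")
    port = int(m.group("port"))
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {entry!r}")
    return m.group("host"), port


def is_routable(host):
    """True for a globally routable IP literal, False for private/reserved
    space (RFC 1918, loopback, link-local, ...), None for a hostname that
    cannot be judged until it is resolved."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None
    return ip.is_global


def triage_c2(entries):
    """Partition extracted C2 entries into actionable network IOCs,
    non-routable addresses (seen as padding or lab leftovers in configs),
    and hostnames that still need resolution."""
    result = {"actionable": [], "non_routable": [], "unresolved": []}
    for entry in entries:
        host, port = parse_endpoint(entry)
        routable = is_routable(host)
        if routable is True:
            result["actionable"].append((host, port))
        elif routable is False:
            result["non_routable"].append((host, port))
        else:
            result["unresolved"].append((host, port))
    return result


def suricata_rules(actionable, sid_base=9000001):
    """Emit one outbound-connection alert per actionable endpoint.
    sid values are placeholders for this example; pick your own range."""
    rules = []
    for i, (host, port) in enumerate(actionable):
        rules.append(
            f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"SystemBC C2 {host}:{port}"; flow:to_server; '
            f'sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    t = triage_c2(EXTRACTED_C2)
    for rule in suricata_rules(t["actionable"]):
        print(rule)
    for host, port in t["non_routable"]:
        print(f"# skipped {host}:{port}: private address, not routable")
```

Run as-is it emits a single rule for 185.209.30.138:4127 and reports 192.168.1.149 as skipped; `ipaddress.is_global` is what encodes the private/reserved check, so the same function also rejects loopback and link-local entries without a hand-maintained list.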
Targets
Target: 1b0618f7b76c11e03742a5750a00a295aeb8986f59ebb34cbff09a7aa8663328
Size: 690.6MB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Score: 10/10

Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments)
- Adds Run key to start application (persistence)
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging)
- Suspicious use of SetThreadContext
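The signatures above are names for API-level behaviours: registry reads of the VirtualBox ACPI table key and of the BIOS description values, a write under the Run key, NtSetInformationThread with the ThreadHideFromDebugger class, and SetThreadContext. An analyst reviewing a raw API trace can map calls back to those categories with a few rules. The Python below is an added example written for this page; it is not the sandbox's signature engine and the trace lines are constructed in a generic "<api> <args>" shape, with an invented `updater.exe` value for the Run key, to exercise each rule.

```python
import re

# Constructed API-trace lines, one call per line. They are not output of
# the sandbox, only the kinds of calls the signatures above are named after.
SAMPLE_TRACE = [
    r"RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\BIOS SystemManufacturer",
    r"RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\BIOS SystemProductName",
    r"RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run updater C:\ProgramData\updater.exe",
    r"NtSetInformationThread hThread=0x1a4 ThreadHideFromDebugger (0x11)",
    r"SetThreadContext hThread=0x1a4",
    r"CreateFileW C:\Users\user\Desktop\notes.txt",  # benign noise, must not match
]

# (tag, pattern). Registry paths use literal backslashes; VirtualBox exposes
# its ACPI tables under HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__.
RULES = [
    ("anti-vm: VirtualBox ACPI table key",
     re.compile(r"^RegOpenKeyExW .*\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("anti-sandbox: BIOS info from registry",
     re.compile(r"^RegQueryValueExW .*\\HARDWARE\\DESCRIPTION\\System\\BIOS\b", re.I)),
    ("persistence: Run key",
     re.compile(r"^RegSetValueExW HK(LM|CU)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\b", re.I)),
    ("anti-debug: ThreadHideFromDebugger",
     re.compile(r"^NtSetInformationThread .*ThreadHideFromDebugger", re.I)),
    ("thread hijack / unpacking: SetThreadContext",
     re.compile(r"^(Nt)?SetThreadContext\b", re.I)),
]


def tag_trace(lines):
    """Return {tag: [matching trace lines]}; lines matching no rule are dropped."""
    hits = {}
    for line in lines:
        for tag, rx in RULES:
            if rx.search(line):
                hits.setdefault(tag, []).append(line)
    return hits


def behaviours(lines):
    """Sorted list of distinct behaviour tags seen in the trace."""
    return sorted(tag_trace(lines))


if __name__ == "__main__":
    for tag, matched in tag_trace(SAMPLE_TRACE).items():
        print(f"{tag}: {len(matched)} call(s)")
        for line in matched:
            print(f"    {line}")
```

The rules anchor on the API name and the full key path rather than on substrings like "VBOX" alone, so a benign program that merely contains the string, or a read of an unrelated key, does not trigger them; the trailing `\b` on the Run and BIOS patterns keeps `RunOnce`-style siblings and `BIOSVersion`-named subkeys from matching the wrong rule.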