General
Target: 0ad22382729e81bd7c1f5e99e33ef1fc9fd9d3279cbb2d9f1ac47181aea6d4d0
Size: 274KB
Sample: 221123-m47tvsba21
MD5: 4e8e075eefa43ba3b2458dcb666f7980
SHA1: fe36560b0da6b69bdfb9e9e9d72461904b463f68
SHA256: 0ad22382729e81bd7c1f5e99e33ef1fc9fd9d3279cbb2d9f1ac47181aea6d4d0
SHA512: f6cf91da4cdf4de5bde14647b2d369c8911809e0cb48ca97a4a7d948826c2ef7cf246b046b03dc4efb60616e1699ef4803fbfaab4edf120fc915f4e6ff8eb4f0
SSDEEP: 6144:ONvT2qidPyt2FLDvdA0SKMjX1WPRwJh5HWD4:EiqwPyMZvdA0fk1FHB
Static task: static1
Behavioral task: behavioral1
Sample: 0ad22382729e81bd7c1f5e99e33ef1fc9fd9d3279cbb2d9f1ac47181aea6d4d0.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 0ad22382729e81bd7c1f5e99e33ef1fc9fd9d3279cbb2d9f1ac47181aea6d4d0.exe
Resource: win10v2004-20220901-en
Malware Config
Targets
Target: 0ad22382729e81bd7c1f5e99e33ef1fc9fd9d3279cbb2d9f1ac47181aea6d4d0
Size: 274KB
MD5: 4e8e075eefa43ba3b2458dcb666f7980
SHA1: fe36560b0da6b69bdfb9e9e9d72461904b463f68
SHA256: 0ad22382729e81bd7c1f5e99e33ef1fc9fd9d3279cbb2d9f1ac47181aea6d4d0
SHA512: f6cf91da4cdf4de5bde14647b2d369c8911809e0cb48ca97a4a7d948826c2ef7cf246b046b03dc4efb60616e1699ef4803fbfaab4edf120fc915f4e6ff8eb4f0
SSDEEP: 6144:ONvT2qidPyt2FLDvdA0SKMjX1WPRwJh5HWD4:EiqwPyMZvdA0fk1FHB
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
  A Run key entry is executed at user logon, a common persistence mechanism.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with ThreadHideFromDebugger stops the thread from delivering debug events to an attached debugger, a common anti-debugging technique.
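The signatures above are each keyed on a small observable: a registry path, a file header, a process or image loaded from a path the sample wrote, or one NtSetInformationThread argument. The following is an added example, not the sandbox's own rules or event format, that re-implements them as a toy rule set over a constructed event stream. The event schema (`reg_query`, `reg_set`, `net_recv`, `file_write`, `process_create`, `image_load`, `api_call`), the sample events, host address and file paths are assumptions made for this example; the registry locations, the `VBOX__` ACPI OEM ID and the ThreadHideFromDebugger constant (0x11) are real.

```python
"""Added example: a toy re-implementation of the behavioural signatures listed
in this report, run over a constructed sandbox event stream.

The event schema, rule names and SAMPLE_EVENTS are assumptions made for this
example; they are not the sandbox's own format, rules or scoring. The registry
locations and the ThreadHideFromDebugger constant are real."""
import re
import struct

# ThreadInformationClass value for ThreadHideFromDebugger (NtSetInformationThread).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry-based signatures: name -> (event types it applies to, path regex).
# VirtualBox stamps its ACPI tables with the OEM ID "VBOX__"; BIOS strings live
# under HARDWARE\DESCRIPTION\System; the configured country (GeoID) is stored in
# Geo\Nation; Wine creates Software\Wine; the Run key is the logon autostart list.
REGISTRY_RULES = {
    "Identifies VirtualBox via ACPI registry values": (
        {"reg_query"}, r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"),
    "Checks BIOS information in registry": (
        {"reg_query"},
        r"^HKLM\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?\\"
        r"(SystemBiosVersion|VideoBiosVersion|SystemManufacturer|SystemProductName|BIOSVendor)$"),
    "Checks computer location settings": (
        {"reg_query"}, r"^HKCU\\Control Panel\\International\\Geo\\Nation$"),
    "Identifies Wine through registry keys": (
        {"reg_query"}, r"^HK(LM|CU)\\Software\\Wine(\\|$)"),
    "Adds Run key to start application": (
        {"reg_set"}, r"^HK(LM|CU)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$"),
}


def normalize_reg_path(path: str) -> str:
    """Map kernel-style registry paths (\\REGISTRY\\MACHINE\\...) onto HKLM/HKCU shorthand."""
    path = re.sub(r"^\\REGISTRY\\MACHINE", "HKLM", path, flags=re.IGNORECASE)
    path = re.sub(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+", "HKCU", path, flags=re.IGNORECASE)
    return path


def looks_like_pe(data: bytes) -> bool:
    """True for an MZ header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


# Constructed minimal PE image: DOS header with e_lfanew = 0x40, then "PE\0\0".
FAKE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20

# Constructed event stream mirroring the behaviours this report lists.
SAMPLE_EVENTS = [
    {"type": "reg_query", "path": r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__"},
    {"type": "reg_query", "path": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"type": "reg_query", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "reg_query", "path": r"HKCU\Software\Wine"},
    {"type": "reg_query", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer"},  # benign
    {"type": "api_call", "api": "NtSetInformationThread",
     "args": {"ThreadInformationClass": THREAD_HIDE_FROM_DEBUGGER}},
    {"type": "net_recv", "host": "203.0.113.10", "body": FAKE_PE},  # assumed C2 host
    {"type": "file_write", "path": r"C:\Users\Admin\AppData\Local\Temp\upd.exe"},
    {"type": "file_write", "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"type": "process_create", "image": r"C:\Users\Admin\AppData\Local\Temp\upd.exe"},
    {"type": "image_load", "image": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"type": "reg_set", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\Admin\AppData\Local\Temp\upd.exe"},
]


def run_signatures(events):
    """Return {signature name: [evidence, ...]} for every rule that fires."""
    fired, dropped = {}, set()

    def hit(name, evidence):
        fired.setdefault(name, []).append(evidence)

    for ev in events:
        kind = ev["type"]
        if kind in ("reg_query", "reg_set"):
            path = normalize_reg_path(ev["path"])
            for name, (kinds, pattern) in REGISTRY_RULES.items():
                if kind in kinds and re.match(pattern, path, re.IGNORECASE):
                    hit(name, path)
        elif kind == "net_recv" and looks_like_pe(ev["body"]):
            hit("Downloads MZ/PE file", ev["host"])
        elif kind == "file_write":
            dropped.add(ev["path"].lower())  # remember what the sample wrote to disk
        elif kind == "process_create" and ev["image"].lower() in dropped:
            hit("Executes dropped EXE", ev["image"])
        elif kind == "image_load" and ev["image"].lower() in dropped:
            hit("Loads dropped DLL", ev["image"])
        elif (kind == "api_call" and ev["api"] == "NtSetInformationThread"
              and ev["args"].get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            hit("Suspicious use of NtSetInformationThreadHideFromDebugger", "ThreadHideFromDebugger")
    return fired


if __name__ == "__main__":
    for name, evidence in run_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

The dropped-file rules deliberately key on the exact path the sample wrote rather than on a directory, so a process started from a pre-existing file in Temp does not count as "executes dropped EXE"; the benign Explorer query in the sample stream shows the registry rules are anchored to specific keys and do not fire on ordinary HKCU traffic.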