General
-
Target
110fa34e5822e3a8faf1145897c87c1c9cee1a76b395f2889191790d9dbdfb59
-
Size
195KB
-
Sample
221123-m5qxqsba5s
-
MD5
6c514b0dfa629c43908fa93fb98573a8
-
SHA1
12fddb10a119a3789029341ae9d492903607d4b5
-
SHA256
110fa34e5822e3a8faf1145897c87c1c9cee1a76b395f2889191790d9dbdfb59
-
SHA512
ad9879da921a730c7fa5117678fb72009c6e747bf0fd5da55b80b04191a6af41106c1d98292c6f0c43e2fad7830d42834bd5389ff4e8393f02edcc5c1c9b1d32
-
SSDEEP
6144:eNvTQU1zmDDVmefsw79Qdial8S8wojaFNBoknE2dRV:0MU1zmAekwJQcs8SHojaFnokDV
Static task
static1
Behavioral task
behavioral1
Sample
110fa34e5822e3a8faf1145897c87c1c9cee1a76b395f2889191790d9dbdfb59.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
110fa34e5822e3a8faf1145897c87c1c9cee1a76b395f2889191790d9dbdfb59.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
110fa34e5822e3a8faf1145897c87c1c9cee1a76b395f2889191790d9dbdfb59
-
Size
195KB
-
MD5
6c514b0dfa629c43908fa93fb98573a8
-
SHA1
12fddb10a119a3789029341ae9d492903607d4b5
-
SHA256
110fa34e5822e3a8faf1145897c87c1c9cee1a76b395f2889191790d9dbdfb59
-
SHA512
ad9879da921a730c7fa5117678fb72009c6e747bf0fd5da55b80b04191a6af41106c1d98292c6f0c43e2fad7830d42834bd5389ff4e8393f02edcc5c1c9b1d32
-
SSDEEP
6144:eNvTQU1zmDDVmefsw79Qdial8S8wojaFNBoknE2dRV:0MU1zmAekwJQcs8SHojaFnokDV
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-