General
-
Target
fef13d1944bc268cd6a2d4c6e9ce7a2bf71d492ec88460ee91c566eae2d7934d
-
Size
174KB
-
Sample
221123-mwes4sfb68
-
MD5
350de0be7d9e7f3d899dd4851c2fcb86
-
SHA1
d0853aef9f2a563dccd420ed2460d122e9eb9929
-
SHA256
fef13d1944bc268cd6a2d4c6e9ce7a2bf71d492ec88460ee91c566eae2d7934d
-
SHA512
a88896ae95099858174b382d5fab799123e4f1a5dc6d53773b820702c9aaa8161c2832cdeab6afed68ae00eb26f436256965898c7a458925461640fc0b2e11a9
-
SSDEEP
3072:qgXdZt9P6D3XJdlOPOZFqdrh2QznsTXC2NKMcyha0nKucir3T3T3aDgtUrPd+KkP:qe343lWkFqdKXC2NIyha0Gu3TzaPbd+
Static task
static1
Behavioral task
behavioral1
Sample
fef13d1944bc268cd6a2d4c6e9ce7a2bf71d492ec88460ee91c566eae2d7934d.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
fef13d1944bc268cd6a2d4c6e9ce7a2bf71d492ec88460ee91c566eae2d7934d.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
fef13d1944bc268cd6a2d4c6e9ce7a2bf71d492ec88460ee91c566eae2d7934d
-
Size
174KB
-
MD5
350de0be7d9e7f3d899dd4851c2fcb86
-
SHA1
d0853aef9f2a563dccd420ed2460d122e9eb9929
-
SHA256
fef13d1944bc268cd6a2d4c6e9ce7a2bf71d492ec88460ee91c566eae2d7934d
-
SHA512
a88896ae95099858174b382d5fab799123e4f1a5dc6d53773b820702c9aaa8161c2832cdeab6afed68ae00eb26f436256965898c7a458925461640fc0b2e11a9
-
SSDEEP
3072:qgXdZt9P6D3XJdlOPOZFqdrh2QznsTXC2NKMcyha0nKucir3T3T3aDgtUrPd+KkP:qe343lWkFqdKXC2NIyha0Gu3TzaPbd+
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-