General
-
Target
7717a4cd9f7425cc69ce95d682d59af1f519b60981d198dbc0e4ee80c08a8daf
-
Size
888KB
-
Sample
221123-vxjgpadb7x
-
MD5
320043506d947a4a10cede56e2fd6a17
-
SHA1
531f48e46e2aa59d4e326dfb4d97bbfcd047d054
-
SHA256
7717a4cd9f7425cc69ce95d682d59af1f519b60981d198dbc0e4ee80c08a8daf
-
SHA512
9126ca0a300516a214b5e45c06831af0f25a539a3cf7c427007b03a92cb8be767d13b5ae9f2ab0597bb1181b44c10c05bfb94d3bb863ca4bbe647b3433632d65
-
SSDEEP
12288:SJkRpc6Q+qXScvMuAs0eb71hBpj5SbSh8Z01vjjWfb+OO0Lpeh2vQB0Xkk3JZF:2suT7Vv7BPSbSh6kCfq0L4a53JZ
Static task
static1
Behavioral task
behavioral1
Sample
7717a4cd9f7425cc69ce95d682d59af1f519b60981d198dbc0e4ee80c08a8daf.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
7717a4cd9f7425cc69ce95d682d59af1f519b60981d198dbc0e4ee80c08a8daf.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
Protocol: ftp- Host:
ftp.homevirtua.dominiotemporario.com - Port:
21 - Username:
homevirtua - Password:
10203040oi
Targets
-
-
Target
7717a4cd9f7425cc69ce95d682d59af1f519b60981d198dbc0e4ee80c08a8daf
-
Size
888KB
-
MD5
320043506d947a4a10cede56e2fd6a17
-
SHA1
531f48e46e2aa59d4e326dfb4d97bbfcd047d054
-
SHA256
7717a4cd9f7425cc69ce95d682d59af1f519b60981d198dbc0e4ee80c08a8daf
-
SHA512
9126ca0a300516a214b5e45c06831af0f25a539a3cf7c427007b03a92cb8be767d13b5ae9f2ab0597bb1181b44c10c05bfb94d3bb863ca4bbe647b3433632d65
-
SSDEEP
12288:SJkRpc6Q+qXScvMuAs0eb71hBpj5SbSh8Z01vjjWfb+OO0Lpeh2vQB0Xkk3JZF:2suT7Vv7BPSbSh6kCfq0L4a53JZ
Score10/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-