General
Target: 8f9b12d8518bff659a4d842d42a300ef4c84d77e812d15c9fb67c1e8fa903df5
Size: 2.5MB
Sample: 221123-xr4xjsah2v
MD5: ac53cfacf112c4c9a89ee23b9ab90a28
SHA1: 8c94ef7630e751244c4e25e9137917919dcbd011
SHA256: 8f9b12d8518bff659a4d842d42a300ef4c84d77e812d15c9fb67c1e8fa903df5
SHA512: 857cccbd52ede3859e8830050830eeec215b20b5c69863b68bb4f77c516f9e8dde9fbc3a5525c6856517eb9bee774e85482a005b0d0e85d30b4e1596e97e442a
SSDEEP: 49152:t6Brb9CO8E9O336/faXLVOsqo4f5SMi07X13NJ8aznkWDVZEDBE5N6ETtYg4f:tirJa8OH7bVtbMioP8aznkW15NDuXf
Static task: static1
Behavioral task: behavioral1
Sample: СЧЕТ-ФАКТУРА № 000835 от 26.08.2014.scr
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: СЧЕТ-ФАКТУРА № 000835 от 26.08.2014.scr
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: СЧЕТ-ФАКТУРА № 000835 от 26.08.2014.scr
Size: 2.9MB
MD5: 68cbf4a764bd3da616b6426f8ee2fd42
SHA1: 69deb224d550f4589e10170005ad862748964b9a
SHA256: be1363a19716c5e32da206ba6dcca80681152a91d67379128352655d0317b775
SHA512: 0b511fb4cd3bf5df846f48faf062f1245dc79697429a64d7c4854554ef088bfc36fa6ce3328eadd468e52a3f90d4775796ede7506e361a9051b149a3170d9d71
SSDEEP: 49152:zMtQqMq0Yya4SOHZ3+TFTdclL/4J8200q5VWy7EeNmpQ1qocB+t/5m/hN/cM/q7P:otQLLY73OH0dclL/4JoPtQAmpQ1qoc2V
Score: 10/10
Banload
Banload variants download malicious files, then install and execute the files.
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext