General
Target: a6a2eacfe4ce627b3a4e9056e5216f55d77767d658e1867feac174b08724e46b
Size: 10.8MB
Sample: 221124-z1x7gaab68
MD5: 04741ce80ce4ae177068045d56bb28cb
SHA1: 3b168c52699f30f57e958f076f62c7dc3402d54b
SHA256: a6a2eacfe4ce627b3a4e9056e5216f55d77767d658e1867feac174b08724e46b
SHA512: e3364ec59babb6a5abed5eef0f5f14f7f22da1e0dea2dab709cc79d60acc3abb8de12fa3c23078a47bcb1a6a8fb106d8c985baf10b51a7dedb77b8c1c755fb35
SSDEEP: 196608:NJWbygALvT+to4JH5zLMGUln49JH9HjPD+vCcHqPiuvnt:AygALyoOoAJH1yvRUiu
Static task: static1
Behavioral task: behavioral1
Sample: a6a2eacfe4ce627b3a4e9056e5216f55d77767d658e1867feac174b08724e46b.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: a6a2eacfe4ce627b3a4e9056e5216f55d77767d658e1867feac174b08724e46b.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: a6a2eacfe4ce627b3a4e9056e5216f55d77767d658e1867feac174b08724e46b
Size: 10.8MB
MD5: 04741ce80ce4ae177068045d56bb28cb
SHA1: 3b168c52699f30f57e958f076f62c7dc3402d54b
SHA256: a6a2eacfe4ce627b3a4e9056e5216f55d77767d658e1867feac174b08724e46b
SHA512: e3364ec59babb6a5abed5eef0f5f14f7f22da1e0dea2dab709cc79d60acc3abb8de12fa3c23078a47bcb1a6a8fb106d8c985baf10b51a7dedb77b8c1c755fb35
SSDEEP: 196608:NJWbygALvT+to4JH5zLMGUln49JH9HjPD+vCcHqPiuvnt:AygALyoOoAJH1yvRUiu
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger