General

Target: 80e80730b224311b7b5c57ee767bb4fe0da6c6448ddfc0552a8c9b4ed6bfc32f
Size: 4.7MB
Sample: 221126-26qexscb46
MD5: 16a0ad98770a461b9f84caaa20641599
SHA1: 906befb762cd0a75073084460db95b3a7ab1003e
SHA256: 80e80730b224311b7b5c57ee767bb4fe0da6c6448ddfc0552a8c9b4ed6bfc32f
SHA512: cd70445f68a04ddac9fd3e4bc5f7e325c18637ef4275760c73477dc4d2c7e970c2158d13697f53d91e950b5f92e15bf88370b8c1cd5362259fe8313dfec40210
SSDEEP: 98304:8VffkDbJ9Djd6uxcOZV0V00a2Zzsq2LBtYgY1uJydPkL/5A4ki:8KDNR56uG+V0V0SqLBtB86Rqi
Static task: static1

Behavioral task: behavioral1
Sample: 80e80730b224311b7b5c57ee767bb4fe0da6c6448ddfc0552a8c9b4ed6bfc32f.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 80e80730b224311b7b5c57ee767bb4fe0da6c6448ddfc0552a8c9b4ed6bfc32f.exe
Resource: win10v2004-20220901-en
Malware Config

Targets

Target: 80e80730b224311b7b5c57ee767bb4fe0da6c6448ddfc0552a8c9b4ed6bfc32f
Size: 4.7MB
MD5: 16a0ad98770a461b9f84caaa20641599
SHA1: 906befb762cd0a75073084460db95b3a7ab1003e
SHA256: 80e80730b224311b7b5c57ee767bb4fe0da6c6448ddfc0552a8c9b4ed6bfc32f
SHA512: cd70445f68a04ddac9fd3e4bc5f7e325c18637ef4275760c73477dc4d2c7e970c2158d13697f53d91e950b5f92e15bf88370b8c1cd5362259fe8313dfec40210
SSDEEP: 98304:8VffkDbJ9Djd6uxcOZV0V00a2Zzsq2LBtYgY1uJydPkL/5A4ki:8KDNR56uG+V0V0SqLBtB86Rqi
Score: 9/10

Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Modifies Installed Components in the registry
  Active Setup Installed Components entries are typically used as a per-user persistence location that runs at logon.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
  Persistence: the application is started again at logon from a Run key.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Anti-debugging: a thread flagged with ThreadHideFromDebugger no longer delivers debug events to an attached debugger.
- Suspicious use of SetThreadContext
  Typically seen when execution is redirected in another thread or process (thread hijacking, process hollowing).
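As an added example that is not part of this report or of the sandbox that produced it, the following Python matcher maps the registry and API events a sandbox trace would record onto the signature names listed above, including the stateful "dropped EXE / dropped DLL" checks that need a record of which files the sample itself wrote. The trace format, the process and file names, and the registry paths are assumptions: the report does not list the exact keys that were queried, so the paths below are the conventional locations for each check, not the ones observed for this sample.

```python
import re

# Constructed sandbox trace, one "<api> <argument>" per line. Not taken from the
# report: the file names are invented and the registry paths are the conventional
# locations of each check (assumed, not observed for this sample).
SAMPLE_TRACE = r"""
NtCreateFile C:\Users\user\AppData\Local\Temp\setup.exe (write)
NtCreateFile C:\Users\user\AppData\Local\Temp\helper.dll (write)
RegQueryValueExW HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__
RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
RegQueryValueExW HKCU\Control Panel\International\Geo\Nation
RegOpenKeyExW HKCU\Software\Wine
RegEnumKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
RegSetValueExW HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}\StubPath
NtSetInformationThread ThreadHideFromDebugger
CreateProcessW C:\Users\user\AppData\Local\Temp\setup.exe
LoadLibraryW C:\Users\user\AppData\Local\Temp\helper.dll
SetThreadContext 0x1f4
"""

READ_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "RegEnumKeyExW"}
WRITE_APIS = {"RegSetValueExW"}
REGISTRY_APIS = READ_APIS | WRITE_APIS

# (signature name, APIs that count, case-insensitive regex over the registry path)
REGISTRY_SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", READ_APIS,
     r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"),
    ("Checks BIOS information in registry", READ_APIS,
     r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|BIOS\b)"),
    ("Checks computer location settings", READ_APIS,
     r"\\Control Panel\\International\\Geo\\Nation$"),
    ("Identifies Wine through registry keys", READ_APIS, r"\\Software\\Wine"),
    ("Checks installed software on the system", READ_APIS, r"\\CurrentVersion\\Uninstall"),
    ("Adds Run key to start application", WRITE_APIS, r"\\CurrentVersion\\Run(Once)?\\"),
    ("Modifies Installed Components in the registry", WRITE_APIS,
     r"\\Active Setup\\Installed Components\\"),
]

# Non-registry APIs: (signature name, regex over the argument)
API_SIGNATURES = {
    "NtSetInformationThread": ("Suspicious use of NtSetInformationThreadHideFromDebugger",
                               r"^ThreadHideFromDebugger$"),
    "SetThreadContext": ("Suspicious use of SetThreadContext", r"."),
}


def parse_trace(text):
    """Split the trace into (api, argument) pairs; the argument may contain spaces."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        api, _, arg = line.partition(" ")
        events.append((api, arg))
    return events


def match_signatures(trace):
    """Return the signature names triggered by the trace, in first-seen order."""
    hits = []

    def add(name):
        if name not in hits:
            hits.append(name)

    written = set()  # paths the sample created itself, for the "dropped" checks
    for api, arg in parse_trace(trace):
        if api == "NtCreateFile" and arg.endswith(" (write)"):
            written.add(arg[: -len(" (write)")].lower())
        elif api in REGISTRY_APIS:
            for name, apis, pattern in REGISTRY_SIGNATURES:
                if api in apis and re.search(pattern, arg, re.IGNORECASE):
                    add(name)
        elif api in API_SIGNATURES:
            name, pattern = API_SIGNATURES[api]
            if re.search(pattern, arg):
                add(name)
        elif api == "CreateProcessW" and arg.lower() in written:
            add("Executes dropped EXE")
        elif api == "LoadLibraryW" and arg.lower() in written:
            add("Loads dropped DLL")
    return hits


if __name__ == "__main__":
    for name in match_signatures(SAMPLE_TRACE):
        print(name)
```

The "dropped" signatures only fire for a path the trace shows the sample writing first, which is what separates "Executes dropped EXE" from a plain CreateProcess of an existing binary; a real sandbox also has to follow the child process, which this matcher does not.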