General
-
Target
a72767d9d84df7b61c0917686fce1ebb4e6326775d4eb8dbf3a31b48e6ce1307
-
Size
4.3MB
-
Sample
221127-mmqh9aed4s
-
MD5
36250c89ca5b64921e3a949ec537f48a
-
SHA1
688c823ce6a41cc94f5b85f7953f599c70a41630
-
SHA256
a72767d9d84df7b61c0917686fce1ebb4e6326775d4eb8dbf3a31b48e6ce1307
-
SHA512
60f7b66b9e5c7b7625ebd9ea8b0b2cfe8570a2d74eb38f13dc88cfe23adba40c2ca8a22cd59e3f3e3dc9c43febdf1408175ef600a066edfc0af043808943efe2
-
SSDEEP
98304:qRnvFlFHpNeV/riwz58R42is6e3RXjOWDucCnp1DA9sv7o2s2kbsUOEGx4VKP3QV:qRv/HdjjqPdDsDbsU0akJyxL405+fiX
Behavioral task
behavioral1
Sample
a72767d9d84df7b61c0917686fce1ebb4e6326775d4eb8dbf3a31b48e6ce1307.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
a72767d9d84df7b61c0917686fce1ebb4e6326775d4eb8dbf3a31b48e6ce1307
-
Size
4.3MB
-
MD5
36250c89ca5b64921e3a949ec537f48a
-
SHA1
688c823ce6a41cc94f5b85f7953f599c70a41630
-
SHA256
a72767d9d84df7b61c0917686fce1ebb4e6326775d4eb8dbf3a31b48e6ce1307
-
SHA512
60f7b66b9e5c7b7625ebd9ea8b0b2cfe8570a2d74eb38f13dc88cfe23adba40c2ca8a22cd59e3f3e3dc9c43febdf1408175ef600a066edfc0af043808943efe2
-
SSDEEP
98304:qRnvFlFHpNeV/riwz58R42is6e3RXjOWDucCnp1DA9sv7o2s2kbsUOEGx4VKP3QV:qRv/HdjjqPdDsDbsU0akJyxL405+fiX
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-