General
Target: dpeditorexe.zip
Size: 2.6MB
Sample: 221129-2ynalaae5y
MD5: fe6fda0fe2f701f708440cef88e319a5
SHA1: dc5d9dc56ed372312bbd6c49bb5b1f387d3249a7
SHA256: 9c4a74d7c7b7427e158c569a0bbac64b8828be8f02c57f39db5703864d4cb3e7
SHA512: 231208947bc81e1236545e4fbfe49328c9c410250355d86e6ff09eb1a1f76566f1cd77f39505056f6d237fdad0f1a61763b73c2a50377a4980240f3acf8dbe37
SSDEEP: 49152:FjoqaTRk6fMek5Xx5cmPudbWIvPV/1RxAIHegJ1Lf8Sjnh2hgDDgt5AaTI5d:WTR1fMe2ckudbWI3VNRxAIfJqU2KcAUI
Behavioral task: behavioral1
Sample: 1126afb8beb2053a892e2c330efaa88163da3079b208b1b74d12bb7454b3371f.exe
Resource: win7-20221111-en
Malware Config
Targets
Target: 1126afb8beb2053a892e2c330efaa88163da3079b208b1b74d12bb7454b3371f.bin
Size: 2.6MB
MD5: 5a679f91f3a906f7b63c05a31bcf32bd
SHA1: 18b912daf118dcc7b1ca6cf7ab81546f90692166
SHA256: 1126afb8beb2053a892e2c330efaa88163da3079b208b1b74d12bb7454b3371f
SHA512: 7ff3dec8ae9c7e5b314ee49f0154458e89257765f51a4a2846185edca63f34758fc5b9a08ee1215291ba31a7e497b847e220f6af2d40d5da0de2d01bbb7099a9
SSDEEP: 49152:EoayXc1xkHzPkkD8PMp7sdJtA1um8Re38jDESHO00lDjrKGlUH:uic/kHriMcs17sj4znrC
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger