General
Target: 8488830880.zip
Size: 5MB
Sample: 221129-kph6vagb71
MD5: d78be2805949220d0445ba8afad30b10
SHA1: 6d34fcb5f25ca7c450b43bf75e8b32088600a0fa
SHA256: fe969a76931916543135b86299ba3211693c10a745470cc1411a1204acf9e0c5
SHA512: 9c1490425f51ee478487bbc5f3faa31b1191087f2ab818a67a81e0972be5e62fee35769b2ae8125077f156f40e140f2fca96cfdfd097455c446ae3cacff98579
SSDEEP: 98304:bWwQdNgWsPVcGuaKwVmPkeClGVqBJ0jnE6HEXgBj6lG7csTwb/tx+dgf3mElnm:bA2VcBkVGbSynE6HNBWlGgn/qdumElnm

Behavioral task: behavioral1
Sample: dd6ab934b4c23d80a7a699d9ef55498d56115c86df0fa9ff73cfc1651c1b07c0.exe
Resource: win7-20220901-en

Malware Config

Targets
Target: dd6ab934b4c23d80a7a699d9ef55498d56115c86df0fa9ff73cfc1651c1b07c0
Size: 5MB
MD5: 104dd8e3bf957c6cf7da52c546405ab7
SHA1: 2623754939b50204e06d94ae62eb6afc6587f69a
SHA256: dd6ab934b4c23d80a7a699d9ef55498d56115c86df0fa9ff73cfc1651c1b07c0
SHA512: 435f7b869769d3a1642c84f3b081c5e93e22c4fd96f7aa82c9d8201b539106bddc0b047348d92bc752a6d9afcd97bfe1e84eaa20a036d92593806de7adc99628
SSDEEP: 98304:NEp+KwDQdGp//3wHhGizimMxJlqyIZybWHOpjecBF7yx2h5UO1VQxznJZ531:NEp+fDQdGp3wBGgovqZfHOxtBB62DI

Identifies VirtualBox via ACPI registry values (likely anti-VM)
Executes dropped EXE
Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
Suspicious use of NtSetInformationThreadHideFromDebugger