General
Target: PCHunter64_new.exe
Size: 6.8MB
Sample: 221129-lsdwzage43
MD5: a2ed2bf5957b0b2d33eb778a443d15d0
SHA1: 889b45e70070c3ef4b8cd900fdc43140a5ed8105
SHA256: 866f59529cf4e0a4c2c4bcd2b9d5d18ece73bf99470ea1be81b26f91b586b174
SHA512: b50b7416bc75324866407e08fd9bb29b0abed501e0720bb77721ce4922d7512221f93becc9cd37efd73b4bf0984d4db5a4da13e896f988256333d972e22ffba8
SSDEEP: 98304:9/oLQtqGhZrqNPMethNf9LemgaIhyZKylL+bKtOK6d6ZyrcWfQubWXk:9z7rqeer3VIhGNcKtOK6d6QrJIlk
Behavioral task: behavioral1
Sample: PCHunter64_new.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: PCHunter64_new.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Target: PCHunter64_new.exe
Score: 9/10
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Sets service image path in registry
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Suspicious use of NtSetInformationThreadHideFromDebugger