General
Target: Amd.zip
Size: 6.4MB
Sample: 221129-r21d8ahf24
MD5: bee2709e1c101e80f8ae4298ecebafe1
SHA1: 5aac68d3fdc03abb6a9f3a79d9a706b6d0de4eec
SHA256: 0e6f2d58c9c816acc484d8f68e7b9c5e5a650ea92116bd07298e39ee00e5b57e
SHA512: e46a845345f2de5097b96da0954933322e24641e4a851aeae75a60d5c657015259105958570e91832926b2a84a3c05e9a0ba558608838c28e45989dc53cae02d
SSDEEP: 98304:jGHUoDWJsY+Y34PSwZD80YDF5njGrN1YDs3yso15Cva0jLWzstCnv:jsD4Bt3wSwj+vyfYDs3e8djLWLv
Behavioral task: behavioral1
Sample: amd software.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: amd software.exe
Resource: win10v2004-20221111-en

Behavioral task: behavioral3
Sample: icucnv67.msi
Resource: win7-20220812-en

Behavioral task: behavioral4
Sample: icucnv67.msi
Resource: win10v2004-20220812-en

Behavioral task: behavioral5
Sample: icudt67.msi
Resource: win7-20220812-en

Behavioral task: behavioral6
Sample: icudt67.msi
Resource: win10v2004-20220812-en
Malware Config

Targets

Target: amd software.exe
Size: 739.9MB
MD5: d4d01f5de39d146d4f9390b900acf9a5
SHA1: 3c062831149093b704d5174e9f29accae7d8925b
SHA256: f5f3ce00dd2f262becf2f2d1ed5b3bcb71ce40b17fdc2aa849ec8399baa4a794
SHA512: 71fedced374d6bf81d7c1825a3f673a43392e8ffeaaf98e520ef64f9104e706b7c1a3fb446a4fbeffc36715ef3cc3b4c40757cbf6cd27b02cc9f0564ffce7583
SSDEEP: 98304:ejUUwRb9ct9mIc3vtlIpf2H1UjlEV9gMTZi4qNFTs1Fy0fStI0y:6wRbpFIpfsUjloPuNuFytZ
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: icucnv67.dll
Size: 15KB
MD5: c89f7b63c258a2d8b68a4bdaf5bbb2d4
SHA1: b1181f70adef2cfc1b884aa4a895984843ca326c
SHA256: ee7e175ca56e43932878a617e3a1ac3c005e33ad6964277fea811417ca10d2f2
SHA512: 39ca6c5ad801795bbaafe1c85719afdd7ced663ac2fb6530130797a40cd4ed7047d33292c5b41601408488cb5ed4926f9e0744d158a44b128bf517e0562d6e47
SSDEEP: 192:+0NMi7v56dIYiYF8rVs9+qARHk/2WJfsHR9y2sE9jBFL2UzZ9O:+06iuIYiI9yHk/24i/8E9VFL2Ut9
Score: 8/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Target: icudt67.dll
Size: 15KB
MD5: d73b8ebe06c05cddad49297f668b481e
SHA1: 44b139944043d4c4c5a33e1782cd8256f3fa70aa
SHA256: 6bb13375779535aa693f51038540381efba654676b1471a10b61c5ad616fb81e
SHA512: 8dfe75a0219fa67803da33adea82f6e08fd568c938adad3174f9248f060306e4725852282538691a22fff29a9cd50af66c9d884c94f15c9ed392b9f3048844d6
SSDEEP: 192:NFNMi7v56OIYiYF8rVs9+qARrk3WJfsHR9y2sE9jBFL2UzZQp:NF6idIYiI9yrk34i/8E9VFL2UtQ
Score: 8/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.