General
-
Target
aa0f430e5c143bfaec8a9a5c46b3cb0b7f16b9defad69cf677c4a8879eb9bcd7
-
Size
2.0MB
-
Sample
221129-znh7saab3y
-
MD5
cc888e112e6212bc0a77c5628ceb2e23
-
SHA1
7c16d0c6349af720642109c67435236a3239d273
-
SHA256
aa0f430e5c143bfaec8a9a5c46b3cb0b7f16b9defad69cf677c4a8879eb9bcd7
-
SHA512
3b6c1121eac1d9609e2e20f923d6b80020701402a70abd3eaa7c2dc8035b047ff011c057ff101e59e4f8dcffbdd4f486f9224fb5c2336163cb9771a0612b0557
-
SSDEEP
49152:P96pwkZmHLcZEQ8L09njnxvcjxFSKmQV00ObPT+Db0KZCgHk9:5okLcZEoZg3SV3+D4jn
Static task
static1
Behavioral task
behavioral1
Sample
aa0f430e5c143bfaec8a9a5c46b3cb0b7f16b9defad69cf677c4a8879eb9bcd7.exe
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
aa0f430e5c143bfaec8a9a5c46b3cb0b7f16b9defad69cf677c4a8879eb9bcd7
-
Size
2.0MB
-
MD5
cc888e112e6212bc0a77c5628ceb2e23
-
SHA1
7c16d0c6349af720642109c67435236a3239d273
-
SHA256
aa0f430e5c143bfaec8a9a5c46b3cb0b7f16b9defad69cf677c4a8879eb9bcd7
-
SHA512
3b6c1121eac1d9609e2e20f923d6b80020701402a70abd3eaa7c2dc8035b047ff011c057ff101e59e4f8dcffbdd4f486f9224fb5c2336163cb9771a0612b0557
-
SSDEEP
49152:P96pwkZmHLcZEQ8L09njnxvcjxFSKmQV00ObPT+Db0KZCgHk9:5okLcZEoZg3SV3+D4jn
-
Detect Blackmoon payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-