General
-
Target
e88ff50269a6ce98b53e4d07d536298de7c57bb47d07dc96a0ff8d3cbe3a61a5
-
Size
24KB
-
Sample
221227-fp6vpaec59
-
MD5
c27c64b3486d60f8efef2e10275faa02
-
SHA1
af8a9089ed5983b07b2dfa93726a89e9aaec5958
-
SHA256
e88ff50269a6ce98b53e4d07d536298de7c57bb47d07dc96a0ff8d3cbe3a61a5
-
SHA512
2d168d3ff62ac7e2d42a842592b589eff5d50edf6402a51fb778f37d0eb8c5f00ff5aa6a2029ddf54ccabc23889160ef454178839eb472877e9a487bb0d85787
-
SSDEEP
192:dJw/Pr9rzr3YnwiEKag81razNTPYOVO6qIUoynny2syRsSW0/g6K:jw/jpHowiCg8Bq9Pqdty2s6
Static task
static1
Behavioral task
behavioral1
Sample
e88ff50269a6ce98b53e4d07d536298de7c57bb47d07dc96a0ff8d3cbe3a61a5.exe
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
e88ff50269a6ce98b53e4d07d536298de7c57bb47d07dc96a0ff8d3cbe3a61a5
-
Size
24KB
-
MD5
c27c64b3486d60f8efef2e10275faa02
-
SHA1
af8a9089ed5983b07b2dfa93726a89e9aaec5958
-
SHA256
e88ff50269a6ce98b53e4d07d536298de7c57bb47d07dc96a0ff8d3cbe3a61a5
-
SHA512
2d168d3ff62ac7e2d42a842592b589eff5d50edf6402a51fb778f37d0eb8c5f00ff5aa6a2029ddf54ccabc23889160ef454178839eb472877e9a487bb0d85787
-
SSDEEP
192:dJw/Pr9rzr3YnwiEKag81razNTPYOVO6qIUoynny2syRsSW0/g6K:jw/jpHowiCg8Bq9Pqdty2s6
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-