General
Target: Update.zip
Size: 35.7MB
Sample: 230119-al4m9sac9y
MD5: 1c950d3f6ebe961fc40584d71ff2a20e
SHA1: 829b36c08b416cde3be333dc2f91eab5ec96fe54
SHA256: 3a252ea82333db3b0190b6d1b842b0ef9a6dd4483c4bfb12e5432978e9253ab5
SHA512: 2b9c4991bff45a8623e005b8dd7bc700ceaaafbeadb713fdbc279d618ade8d916422724935e4a2f492fd05a4adbbee6afcf614c45cb73827e4405b84495a2256
SSDEEP: 786432:f6oCqpfbh7XlE4M1nHFer3hOs3hkhgiSF5Io4VeNp9+t6+Os0Whuhr2Wv9xpXygf:iopNlLGvnIr3hOs3a2iSDNr+4+OYWv9l
Static task: static1
Behavioral task: behavioral1 (Sample: Update.zip; Resource: win10-20220812-es)
Behavioral task: behavioral2 (Sample: Update.zip; Resource: win10v2004-20221111-es)
Malware Config
Targets
Target: Update.zip
Size: 35.7MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
Score: 10/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger