General
Target: app.zip
Size: 35.6MB
Sample: 230303-szdccaab25
MD5: 0706934b583c6f16658dacde622b069c
SHA1: 50b35c7e17d6648506218514de118cc53bace117
SHA256: b2ea2db85701beaa20360d20e80b51c19dc47ca4317825c8b33cf5aebb9f989f
SHA512: 1e893025244ce579f1e211d1918af94cab46f3ab235be5233cf47c923e1e3f6d0d46f02eee061ea3d32c9c6df54c14d4d0dc79a810b0efe7c91c64cbd8e94126
SSDEEP: 786432:tCQ19npbuoEFfpMz6/fERvqf1Oct3zC/XwmSUbdUceEt77cWYNSUl4s/86Dgrhti:fnluo+2+/fYK1Of/L6WYcc4shgr3jTbG
Static task: static1

Behavioral task: behavioral1
Sample: windows.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: windows.exe
Resource: win10v2004-20230220-en

Behavioral task: behavioral3
Sample: winvetxvdf33
Resource: win7-20230220-en

Behavioral task: behavioral4
Sample: winvetxvdf33
Resource: win10v2004-20230220-en
Malware Config
Targets

Target: windows.exe
Size: 5.3MB
MD5: 6fd40c6b89a1719188980d7550fc37fc
SHA1: 7e40eaca74b67de2d0cec3046ff25a9102b88560
SHA256: fa967cdd39a4a0bbb104c1723966c81f6c58e3dba6f8ff3371143512b5ce35ea
SHA512: 99ebfb328b117041d4feaebe80fa7b4dbeb280daa4e51bd59aef73dce683ab4b292b44c3410b59bec42c5f4e676bb9eb822bd1469a2fdcc8929b8fb9af80fc12
SSDEEP: 98304:U/wN6vaQpuq4Tj0TgTQ4M+7LWVNtVPOK2Q3JAH24O6V6DsFR708u:C+VpsTn4h3AYOg2J6Io0l
Score: 10/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: winvetxvdf33
Size: 89.4MB
MD5: 7ae5b871adf23e664bcaa2f0ec561426
SHA1: 85d2f4babeffbcae18c518d0fb0c6d9d040fe453
SHA256: 52dbc942b17fd3a618c970929abaead0a257e67b46b73545f74bab7b6c4a0286
SHA512: f8de50b722c4076d4711822de1c430314032c22a3015edf0ff0aac2cb1b74506628a8190d1e89fb093b1958d831b2dbbef762fd79e7b33622ac9898c6b4103a7
SSDEEP: 786432:i+3Sx3qBAPlNTESksRl0mITsapogDtLIBlsn4U9wlOxngm+Zu6:/SgavcsRfNapeBl6N9wYdZt6
Score: 1/10