1f43703d2171ab90e98357b6dfdf824417baa191a59419c27fce42cbafdb7ecf | Triage

Submit
Reports

Overview

overview

9

Static

static

1

1f43703d21...cf.exe

windows7-x64

9

1f43703d21...cf.exe

windows10-2004-x64

9

Sharing

General

Target

1f43703d2171ab90e98357b6dfdf824417baa191a59419c27fce42cbafdb7ecf
Size

2.4MB
Sample

230306-lkgmwsbe69
MD5

d948d4b6db5d6d6e2e1ba6c0fa4bf008
SHA1

05846d5b1d37ee2d716140de4f4f984cf1e631d1
SHA256

1f43703d2171ab90e98357b6dfdf824417baa191a59419c27fce42cbafdb7ecf
SHA512

fce681b3721eaf87f27b758782095e34665517ea4e0529cf18b32c4d0d5270ec40c8acf296ad2665e60a6e7e0430807f87e01e3a145902c9fea2a3c83100c15d
SSDEEP

49152:AjY216rMHabk161nZDmcQt8O4BY3+lu2OtXED355:k3YdnZDmcQP6YO/OtXEf

Score

9^/10

evasion

Static task

static1

Behavioral task

behavioral1

Sample

1f43703d2171ab90e98357b6dfdf824417baa191a59419c27fce42cbafdb7ecf.exe

Resource

win7-20230220-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f43703d2171ab90e98357b6dfdf824417baa191a59419c27fce42cbafdb7ecf.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  1f43703d2171ab90e98357b6dfdf824417baa191a59419c27fce42cbafdb7ecf
- Size
  
  2.4MB
- MD5
  
  d948d4b6db5d6d6e2e1ba6c0fa4bf008
- SHA1
  
  05846d5b1d37ee2d716140de4f4f984cf1e631d1
- SHA256
  
  1f43703d2171ab90e98357b6dfdf824417baa191a59419c27fce42cbafdb7ecf
- SHA512
  
  fce681b3721eaf87f27b758782095e34665517ea4e0529cf18b32c4d0d5270ec40c8acf296ad2665e60a6e7e0430807f87e01e3a145902c9fea2a3c83100c15d
- SSDEEP
  
  49152:AjY216rMHabk161nZDmcQt8O4BY3+lu2OtXED355:k3YdnZDmcQP6YO/OtXEf
Score

9^/10

evasion
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy