General
Target: Roles_External.exe
Size: 9.0MB
Sample: 230312-zvywtafd32
MD5: 002ad7c91deb54e30a919846fe124eaf
SHA1: cb092513ae675fe243d92328310471f09b51267a
SHA256: e9d01a1df753a60c21218dc713bf5b2fa95cd82ceb0f760afd1027249812aabe
SHA512: 2e873b8ec2d32ba60117c6423d7bfca9da830870e0238044a1d50fdb0784598ef20325ff62462c6f88078ddc385dfd854f36f8b47aae9610c83a6d5f92b97fd7
SSDEEP: 196608:p7tXDri3gUyVl21VNlNNjx4MLm6iE8y4HCh4Iv9o9qmDmHYmGN1:pJTrznCJjxpi6iE8y2Ch4MaPm4mO1
Malware Config
Targets
Target: Roles_External.exe (9.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  The sample opens the ACPI table keys under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT). On a VirtualBox guest these keys carry the OEM ID VBOX__, so their presence alone reveals the hypervisor.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments: values such as SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System expose the firmware vendor string, which in a virtualised guest typically names the hypervisor.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) detaches the calling thread from any attached debugger, which then stops receiving that thread's debug events. This is a common anti-debugging step; note that commercial packers and protectors also use it, so on its own it indicates hardening rather than proving malicious intent.
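The three behaviours above, expressed as detection logic run over an API trace. This is an added example, not part of the report and not Triage's own rule code. The trace line format ("api|arg=value|...") and the SAMPLE_TRACE lines are constructed for illustration and are not the sandbox's output format; the registry paths, the VBOX__ OEM ID and the 0x11 information class are the real values these checks are known to use.

```python
"""Classify an API trace against the three behaviours the report lists.

Added example (not Triage's rule code). The 'api|arg=value' line format and
SAMPLE_TRACE are constructed for illustration; the registry paths and the
ThreadHideFromDebugger class value (0x11) are the real values involved.
"""
import re
from typing import Dict, Iterable, List, Tuple

# ACPI table keys that only exist under VirtualBox: the tables VirtualBox
# ships carry the OEM ID "VBOX__".
VBOX_ACPI_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)

# Values under HKLM\HARDWARE\DESCRIPTION\System that reveal the BIOS vendor.
BIOS_KEY_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System$", re.I)
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger

SIG_ACPI = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"


def parse_event(line: str) -> Tuple[str, Dict[str, str]]:
    """Split a constructed 'api|k=v|k=v' trace line into API name and arguments."""
    api, *pairs = line.strip().split("|")
    args: Dict[str, str] = {}
    for pair in pairs:
        key, _, value = pair.partition("=")
        args[key.strip()] = value.strip()
    return api, args


def classify(lines: Iterable[str]) -> List[str]:
    """Return the matched signature names in report order, without duplicates."""
    hits = set()
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank and comment lines in the trace
        api, args = parse_event(line)
        key = args.get("key", "")
        if api.startswith("RegOpenKeyEx") or api.startswith("RegQueryValueEx"):
            if VBOX_ACPI_RE.search(key):
                hits.add(SIG_ACPI)
            if BIOS_KEY_RE.search(key) and args.get("value", "").lower() in BIOS_VALUES:
                hits.add(SIG_BIOS)
        elif api == "NtSetInformationThread":
            try:
                info_class = int(args.get("class", ""), 0)  # accepts 0x11 or 17
            except ValueError:
                continue
            if info_class == THREAD_HIDE_FROM_DEBUGGER:
                hits.add(SIG_HIDE)
    return [s for s in (SIG_ACPI, SIG_BIOS, SIG_HIDE) if s in hits]


# Constructed trace standing in for what a sandbox might record for this
# sample; these lines are illustrative, not the report's own data.
SAMPLE_TRACE = [
    "RegOpenKeyExW|key=HKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__",
    "RegOpenKeyExW|key=HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System",
    "RegQueryValueExW|key=HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System|value=SystemBiosVersion",
    "RegQueryValueExW|key=HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System|value=VideoBiosVersion",
    "NtSetInformationThread|class=0x11|length=0",
]

if __name__ == "__main__":
    for sig in classify(SAMPLE_TRACE):
        print(sig)
```

Real sandbox traces are structured (JSON or similar) rather than this pipe-delimited form, so only parse_event needs adapting; the matching rules themselves are the point, and the BIOS rule deliberately keys on the value name rather than its contents, since the read itself is the tell regardless of what string the guest returns.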