General
Target: setup_x64.zip
Size: 5.2MB
Sample: 230316-a8869sgb75
MD5: 8be0a5bbf729e0bc6f5fbc87c186a541
SHA1: cecdfdc4ef75e0986dfbf30e891f81912ccdb33a
SHA256: 63daa075e81592f7980f96d08ca80b0d6c8f835de1ddc8681565043c3dc871df
SHA512: a404d761eb6542a8bced841b5b6271e1b52954058b9a76cec049d3a5e0ed98b1709737992d0026a26ee7004e686415638c84d3fa359ace4ceea0a678fd028ecd
SSDEEP: 98304:aHIHmIjbRPxAO2MXzEyXRfdt7rH3OLHSeJyWLoLkxGXU/RwTDnmXUeW2v:aoGuxxAO2MDEyXrtPFH4xGXEwPTW
Static task: static1
Behavioral task behavioral1: sample setup.exe, resource win7-20230220-en
Behavioral task behavioral2: sample setup.exe, resource win10v2004-20230220-en
Behavioral task behavioral3: sample setupapi.dll, resource win7-20230220-en
Behavioral task behavioral4: sample setupapi.dll, resource win10v2004-20230220-en
Behavioral task behavioral5: sample verifier.dll, resource win7-20230220-en
Behavioral task behavioral6: sample verifier.dll, resource win10v2004-20230220-en
Behavioral task behavioral7: sample version.dll, resource win7-20230220-en
Behavioral task behavioral8: sample version.dll, resource win10v2004-20230220-en
Malware Config

Targets

Target: setup.exe
Size: 5.4MB
MD5: e6ea101f6b54bdad1b08749e298aff4d
SHA1: a9893f6f54b09f6e027d1d57ccaa337ab5437509
SHA256: 933d3a8d9e9de04ac5a6461f70d01cfa5aafe1aa91d9e0a9549c0dd9934e46d7
SHA512: 12367448815c1d2dd55448370d038c420d1fee0b7a796c0ee598fdeb21d38a11492a614d412edc36f4a36f5ec36732c273f6fd2a7d6a611cf6cd19fc787186ea
SSDEEP: 98304:Gf0zekP19unpe6M/TTmTUYpjo6ORHkUtFOtat9TV/+Yu:R1jmpjoBJKYpi
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
- Writes to the Master Boot Record (MBR). Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: setupapi.dll
Size: 4.5MB
MD5: a2d16ec8a9c7e90bb39869372b482aff
SHA1: 559944e259019493f3b7a68ee9d3d80efe3be0c6
SHA256: 6f898b40fb49d1ae7f4bdb737ebd891c7019575f6700a63ea14d7bad4cf609ff
SHA512: b9ec3cddf5aa76ee8f9ea3c18ab66b8bf8dd860440eb791995b9f86aeadcbf5ab1b9e5e1cdb58d29a6ecc02212bce64201c1657f11f0acbe01cf73be6e7de0ea
SSDEEP: 49152:lJZ7dS3oCGBDDkPOpxATxM40gaY/TQ3SDJ2oGW8IdctHle7M4HP1YUKIT+NuXVRJ:ljtfnATxBBU3SDJpTOuXVRWxS5F
Score: 5/10
Signatures:
- Drops file in System32 directory

Target: verifier.dll
Size: 386KB
MD5: adf0f2f7ab69b71e73895fd23949b318
SHA1: ffd20ff94c647d49513d0abb24415e3d72c6babf
SHA256: c1228eb181ac5fc2b6f8404404d6c5e04d78d7c85c4502d1453ead4616f21a28
SHA512: 38424bb115151a47babd7a19e0fd48cc208609bfbf57b63430eaa1cd1aaca08247ae88de056c244bda172e648359d8fc3de98d0d379b3c4b0f34db4567d35b4d
SSDEEP: 3072:40j7r+nepRUtySYKWxZRjPYas35zrdbqK4n3tZXUi928Fh5wYFQxV3Zsd8TUnIXT:Bv62RyySYFZFgaSN9Q9ZXUgh5VMnL
Score: 1/10

Target: version.dll
Size: 30KB
MD5: 17c1e1099b65051bb6dec71fea37315b
SHA1: 8ed26469afbd53da7749ef9c6ab8c7f010e9bb1e
SHA256: e549d528fee40208df2dd911c2d96b29d02df7bef9b30c93285f4a2f3e1ad5b0
SHA512: e5274c47786f14c4275307c80d0eca48797267d32b069aed30993e571ead0289652e1254bd2ecabef3b2bc2039504e156ed2eae9c2c280b31034fa457a32ea79
SSDEEP: 768:FrAO9YmckVPxIiTAqMwwyg2ulzxAfv5r6wD1Pe3pU:FrnYmckVPxIiTAqMwm2ulzxAfv1Pe6
Score: 3/10