General
Target: ba3e9e13da5c3cd90bd729eabbd98c5e.bin
Size: 14.3MB
Sample: 230319-wvcrsshe64
MD5: cd30f754221ce947f33781e448de094e
SHA1: 2c5adff3bc3f8bac4edd7528a476cd25b028539f
SHA256: b27ce7a62e676cd9318bab38bd522f960c20caa4b966f2c1bf18708fe98c2e8b
SHA512: c2da3c385266979bbc37ce49423a859e392d090bd47f66d55dacbd5bd25ce100264c2e5d0148dedeb0f04a5526f191658e96761ddbf7189d440456424522e1af
SSDEEP: 393216:3+U6RkJ4HXM6leD11RnREn/+XVMDXIi1NL3R0ViVdH/0:3mRkJEXM6kR1ZnWDXIq3mViVdHs
Behavioral tasks
- behavioral1: Sample BIHBXRSIVW.dll, Resource win7-20230220-en
- behavioral2: Sample BIHBXRSIVW.dll, Resource win10v2004-20230220-en
- behavioral3: Sample YPRII8GSNC37Q6VEFsss.exe, Resource win7-20230220-en
- behavioral4: Sample YPRII8GSNC37Q6VEFsss.exe, Resource win10v2004-20230220-en
Malware Config

Targets

Target: BIHBXRSIVW.rCJ
Size: 14.5MB
MD5: 9c10a526a73893354ffda1070e3c438f
SHA1: ce854ebd481c03df98625619bcc258614fc19515
SHA256: 9fc52a3f3062b09ef6fe25ceeead5bcf3f80c712e8468fe887a57fbe19884b2c
SHA512: 56f8cdfb10cbe024842390b7878e6cc83f4c644942d3785711310583c25499111e6427e1cb6954b17edf6db1ca9275d1e823ac5b32decfd62bddc13f1d624466
SSDEEP: 393216:y1+g8B3BQ6lV7Vb3LBgTovVLRAsDEI3mtPuQTC35BeI:y1Vs3BQmBFiMVLRAsYI3OGx
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
Target: YPRII8GSNC37Q6VEFsss
Size: 889KB
MD5: 03c469798bf1827d989f09f346ce95f7
SHA1: 05e491bc1b8fbfbfdca24b565f2464137f30691e
SHA256: de87c8713fac002b0b0a0f9b02c4e3ebcccf65282a22f5ab5912a9da00f35c2a
SHA512: d95aed75dd7b2470d4e5052b4b494ad9efbb9eee42c63cf0b38f1d0275ff7b1bb8ee4cbc69d1bb219dbbf33ad3b01cea97f87fa8fe69be7f943aa4417a603238
SSDEEP: 24576:mjSsPIqS9jL0rJ3n770E9d8qTtE4n4CucuH:GzyH0ZOqTGQ4CDu
Score: 1/10