General

Target: Android.Physical.NET.exe
Size: 4.8MB
Sample: 230320-zelasahc5x
MD5: dae3dd705e0a212341bc87e802e33d78
SHA1: 7a1f623c240e9e234f60fb398f5dc76ac7ff1abd
SHA256: 801ff04c7991bc26427b68f575aa7c6e6b77930b9cadeb3617fe6c6cedb1e67d
SHA512: ac8849adfbf59551f9d6bad64d231d4aa1c8d21a46bd225ac5aab96f4e4d27b3634529223bcbc103cb905685471ca12e5c07f2105160f4978bfe92340ee79b4b
SSDEEP: 98304:AWwOKgOLG3MR6HlLIG73MhX8qXEdbyWKQil51NN0z:qOBPl8GK8q22WGNNs
Behavioral task

behavioral1
Sample: Android.Physical.NET.exe
Resource: win7-20230220-en
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger