General
- Target: 2a9e7c533ef29c4c39ee61f7154d18c6
- Size: 4.9MB
- Sample: 230321-ggelxaah71
- MD5: 2a9e7c533ef29c4c39ee61f7154d18c6
- SHA1: 6d288064e15bf370ae49ca7b1bd4a906c403e821
- SHA256: 5ca073902855e78c2225d74c98ea68c4c7b0235c53150e3a6986b73934f19062
- SHA512: 987f4581405f99461634534b8cb35a20f37700bf5ce463e24a53ea3dec9740aeb7d0b2300943ae74ae857bcad0cc71f0cccdd580ac7249c1f51c8c002f85c75d
- SSDEEP: 98304:Z7mSREy3EB1ZucSijV6lMo5ikEwhqr7nANR:Z3R735cS8Evhqra
Behavioral task: behavioral1
- Sample: 2a9e7c533ef29c4c39ee61f7154d18c6.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 2a9e7c533ef29c4c39ee61f7154d18c6.exe
- Resource: win10v2004-20230220-en
Malware Config
Targets
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger