General
Target: Test.exe
Size: 5.4MB
Sample: 230321-stvdnsbg25
MD5: 428495b8dd7c2437805efeab81675f4f
SHA1: 31fb8f78e4aff82ce3091f586e0c5df5740f7d81
SHA256: 7b4da91bb8eb7603f18166d6f2adfac93beb68b4708746903345a428c2683ed8
SHA512: ccf202efbbf0c474ac62b31e4b89a722574179461170a97228c5dc2d2f17ab993a34f3b238e29b4a0e32a1acc327efaf713b1639a42ead1e982cf698f7ae6c2e
SSDEEP: 98304:Zo7mHQ5RkLw7SylTk30U3ouvpH/VRcsXfWDH4wk+vmpoy3s7FHQfQwyP:ZoFQTylTk30EH/Df0u+fy4OyP
Static task: static1
Behavioral task: behavioral1
Sample: Test.exe
Resource: win7-20230220-en
Malware Config
Targets
Target: Test.exe
Size: 5.4MB
MD5: 428495b8dd7c2437805efeab81675f4f
SHA1: 31fb8f78e4aff82ce3091f586e0c5df5740f7d81
SHA256: 7b4da91bb8eb7603f18166d6f2adfac93beb68b4708746903345a428c2683ed8
SHA512: ccf202efbbf0c474ac62b31e4b89a722574179461170a97228c5dc2d2f17ab993a34f3b238e29b4a0e32a1acc327efaf713b1639a42ead1e982cf698f7ae6c2e
SSDEEP: 98304:Zo7mHQ5RkLw7SylTk30U3ouvpH/VRcsXfWDH4wk+vmpoy3s7FHQfQwyP:ZoFQTylTk30EH/Df0u+fy4OyP
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger