General
-
Target
SP00FER.exe
-
Size
4.1MB
-
Sample
230322-b6wntsgc2y
-
MD5
f9b3fdd86b82f26799b3e88d9a822340
-
SHA1
442f1ba90f8eb0df820e8b6376f8eca37de2956b
-
SHA256
2001a3da3bd33f036320da559c2d49b0e6b0a6b4135cbb388cbcee781d0f5cdc
-
SHA512
acf6e4986d152fd33d5d8a6646c0d9b94ef397caddee86197d9d6b72ef42570bbcfced6405fbd8b516eea984900d947d16d64cecae0e21af76cccd466594eeca
-
SSDEEP
98304:GzXwQi24+nGbXSdtfcOgJmLablHRQclN5Qz3irJ/wPKqq:GzzXZiSxOblxHEz3irJWBq
Behavioral task
behavioral1
Sample
SP00FER.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
SP00FER.exe
-
Size
4.1MB
-
MD5
f9b3fdd86b82f26799b3e88d9a822340
-
SHA1
442f1ba90f8eb0df820e8b6376f8eca37de2956b
-
SHA256
2001a3da3bd33f036320da559c2d49b0e6b0a6b4135cbb388cbcee781d0f5cdc
-
SHA512
acf6e4986d152fd33d5d8a6646c0d9b94ef397caddee86197d9d6b72ef42570bbcfced6405fbd8b516eea984900d947d16d64cecae0e21af76cccd466594eeca
-
SSDEEP
98304:GzXwQi24+nGbXSdtfcOgJmLablHRQclN5Qz3irJ/wPKqq:GzzXZiSxOblxHEz3irJWBq
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-