General
-
Target
BandicamScreenRecorder.exe
-
Size
52.6MB
-
Sample
230322-x1c57aah37
-
MD5
d740f2075e4e5138d81379da576f1ec9
-
SHA1
3c916466753ef155c7cd64ae90ed987cb04f7385
-
SHA256
745085510ff4431bb1427bdce3f1eb8396d42175fb66fb28220851a8aadddf54
-
SHA512
b911c2f7c935518e5befc8d53eab0ff6bd52379a51500f7213a3eeee7a20d9443913dc9c538839a92918d412acbf97d1f9f85abe990908e1fa338cb9f6c77b24
-
SSDEEP
1572864:Xxte3/h4OwmO9z/NfdTCCsl0KvqqoVWiI17zdNAx:XxM3Gn/N5tsFvqxVO17zdNAx
Static task
static1
Behavioral task
behavioral1
Sample
BandicamScreenRecorder.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
BandicamScreenRecorder.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Modifies Windows Firewall
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-