General
-
Target
Loader.exe
-
Size
3.6MB
-
Sample
230324-2v7vtshh32
-
MD5
9485ef4eb4927403cb0f1b40563e7d83
-
SHA1
97f4105f7a911d7b9f9028bac945aad687e12949
-
SHA256
4c947ca6cbc5ab813b051bb5ea739842b7c9b46e1d27f8dcc0ef881139ca482f
-
SHA512
13f110ee534bb13cf5b3120bdf9a2acc0acf0d70bbc902442f985739be742b4b015df08b9ff2dce4625e7fc500cf80f02cb36ef660926148948df92d0dca5a3b
-
SSDEEP
49152:DV961jhCeR2FNyAphBiyAVO9Enl0xeIGcS9EOoLNBF6FUVMP96BxMM3m9xCTCEBn:DKx48AphuVPeAIGcS9EO8NPVMVWTvJ
Behavioral task
behavioral1
Sample
Loader.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
Loader.exe
-
Size
3.6MB
-
MD5
9485ef4eb4927403cb0f1b40563e7d83
-
SHA1
97f4105f7a911d7b9f9028bac945aad687e12949
-
SHA256
4c947ca6cbc5ab813b051bb5ea739842b7c9b46e1d27f8dcc0ef881139ca482f
-
SHA512
13f110ee534bb13cf5b3120bdf9a2acc0acf0d70bbc902442f985739be742b4b015df08b9ff2dce4625e7fc500cf80f02cb36ef660926148948df92d0dca5a3b
-
SSDEEP
49152:DV961jhCeR2FNyAphBiyAVO9Enl0xeIGcS9EOoLNBF6FUVMP96BxMM3m9xCTCEBn:DKx48AphuVPeAIGcS9EO8NPVMVWTvJ
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-