General
Target: GRIM_-_SOFTWARE.exe
Size: 3.8MB
Sample: 230325-2sr2laef53
MD5: 6d7e1336a7185a2049c09429cc980b75
SHA1: fd2de69db4416363fb6e34b42e0510256e0e28aa
SHA256: 01324ea7cc70df8163a950920606ec33375dd911b5297bf6d204939d19a1ffcb
SHA512: 88cf6bfc2deb543e0644100c7a3d547bd18a1e05715a4554d7c45a21a608bbf8821e0427630de9298197477dd5df2317c2c5c2aa01c1cbfe3a7b5531f91547e0
SSDEEP: 98304:s/dtvQLaLimy/whXcohnwA3wPiee6R8dqFedrh1NqYQ8wUkdqz54v8mY:gdt8my/ysoBDAPiURzenxuc4k1

Behavioral task
behavioral1
Sample: GRIM_-_SOFTWARE.exe
Resource: win7-20230220-en

Malware Config

Targets
Target: GRIM_-_SOFTWARE.exe
Size: 3.8MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger