General
-
Target
AridekVM.exe
-
Size
12.9MB
-
Sample
230326-nfs68sgc86
-
MD5
7550996532016fa5bb2e7fcee4fbf1a4
-
SHA1
e0f0d2b17c03477196209ee9635f2a11283027d8
-
SHA256
c0afd7d86cb0586db959d19db36345676437acb53140ea9d91e6201041cadae7
-
SHA512
935714dc724e7c3e0f02fff28e0cf8c4eec81a3ea2c3c79669e99837fc77ac15e62456cda11771943c578075a6c74e6d01512c7e90048d527c96f60df18ef131
-
SSDEEP
196608:dEGgxWcn/V+7huajaJ+RWgKf4it0d3sbPKjGyhZvEwrPjVlQozzB4dDTe:dEjxWKNihNaJEW4Wis+DMwnQxi
Behavioral task
behavioral1
Sample
AridekVM.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
AridekVM.exe
-
Size
12.9MB
-
MD5
7550996532016fa5bb2e7fcee4fbf1a4
-
SHA1
e0f0d2b17c03477196209ee9635f2a11283027d8
-
SHA256
c0afd7d86cb0586db959d19db36345676437acb53140ea9d91e6201041cadae7
-
SHA512
935714dc724e7c3e0f02fff28e0cf8c4eec81a3ea2c3c79669e99837fc77ac15e62456cda11771943c578075a6c74e6d01512c7e90048d527c96f60df18ef131
-
SSDEEP
196608:dEGgxWcn/V+7huajaJ+RWgKf4it0d3sbPKjGyhZvEwrPjVlQozzB4dDTe:dEjxWKNihNaJEW4Wis+DMwnQxi
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-