General
-
Target
f61c6e87196997c3cd59c878395d6956904798d5330add9296bc54ad48c59a5b
-
Size
3.4MB
-
Sample
230327-17sq1aff24
-
MD5
b4aca8fbccb740f2a17b6630f0fc5d4b
-
SHA1
ceb2373fc825632aebea85e9c673427649b36d20
-
SHA256
f61c6e87196997c3cd59c878395d6956904798d5330add9296bc54ad48c59a5b
-
SHA512
5261301421394a842bbec5f760da13df8a4f80bc352293b7160e621501316baeba8d6cc71f62854c7c0a392c38001f6659a67dd77f5b4d5cbaf234817ce23ac3
-
SSDEEP
98304:OJuR21C/yIq/dhl/O4i/TksjdFwvhzjMSwRV6:O8D/yIqlhlW4i/QsnwZzjMSeV6
Static task
static1
Behavioral task
behavioral1
Sample
f61c6e87196997c3cd59c878395d6956904798d5330add9296bc54ad48c59a5b.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
f61c6e87196997c3cd59c878395d6956904798d5330add9296bc54ad48c59a5b
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Suspicious use of SetThreadContext
-