General
-
Target
f5b49bd5b215416c31650c1bf1047e33.bin
-
Size
8.8MB
-
Sample
230327-cw82vabc74
-
MD5
f5b49bd5b215416c31650c1bf1047e33
-
SHA1
3e8468db67c3b41eeab8017018670ae57afe702d
-
SHA256
ea25a8909d0bd9438586d97aa8919fc90ad8cef0043ea13fec603c780e0427e1
-
SHA512
2a9c5682794eb761a7a7b8d78db8a2dc39b94b2a0779f3ed250101deecfca9ef27257bf1d9a7de2aff13abba995da2fc95a623481e23cb631449434fcce558a2
-
SSDEEP
196608:3lViYdgxP1MTFmMUwMqhmrOGSF2yCVbXyqsz5p5:3riYexPQUwMqhmrlS0pynz5p5
Behavioral task
behavioral1
Sample
f5b49bd5b215416c31650c1bf1047e33.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
f5b49bd5b215416c31650c1bf1047e33.bin
-
Size
8.8MB
-
MD5
f5b49bd5b215416c31650c1bf1047e33
-
SHA1
3e8468db67c3b41eeab8017018670ae57afe702d
-
SHA256
ea25a8909d0bd9438586d97aa8919fc90ad8cef0043ea13fec603c780e0427e1
-
SHA512
2a9c5682794eb761a7a7b8d78db8a2dc39b94b2a0779f3ed250101deecfca9ef27257bf1d9a7de2aff13abba995da2fc95a623481e23cb631449434fcce558a2
-
SSDEEP
196608:3lViYdgxP1MTFmMUwMqhmrOGSF2yCVbXyqsz5p5:3riYexPQUwMqhmrlS0pynz5p5
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-