General
Target: ORIONCHECKER.dll
Size: 28.3MB
Sample: 230328-plt66acf3t
MD5: 2c60470a964906d0655a1e47339e2ad3
SHA1: eb6f907abb0eec689beea6c5c370143e06dbd032
SHA256: f45909b2a34a28b31be60d7c83bc9744d8c97649ab1995a2e499978f4f79ad8a
SHA512: 7ac0f4d85312e0025c3796bed3602459f57ddaf4f8ad1d416208757e4926197b06ce2e8e6b5f9047410a842af7bc2bf669e9bc5776c0be4826dc10a32138b650
SSDEEP: 786432:JvLh4zHT0a+vVgigVJvEM3oPjpkVJiKUhW52RgjmGJa6ATQ:B1CT9+vYbknKeWsRhGJa6
Static task: static1
Behavioral task: behavioral1
Sample: ORIONCHECKER.exe
Resource: win7-20230220-en
Malware Config
Targets
Target: ORIONCHECKER.dll
Size: 28.3MB
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger