General

Target: Loader.exe
Size: 3.3MB
Sample: 230329-3lsvzsac62
MD5: aa27322c80872d70bcd3eabde5f88141
SHA1: daef906c51350e74bc7eeace80e35b1bb2e2f443
SHA256: 4b08cc716f6f89415e2dc85e3c4eb626fcb9b0697f1596d5a27482b5a40d3227
SHA512: 12ad87b7ab61c92246ddae74eaa62223be948b57abcea1024b21a63bc0e1e6db66c3d911bbe30c857426602436a2a92479323513f25df9b683cda127a84e594e
SSDEEP: 49152:F/4780JJXqoYgkt9fT5mhaKG/iKz8Sn/Jypm+IUK7AYoL2ENttSIyUA8z/haouab:cfit/R6Kz8S0IjgvPxyfQ54Yfsxbhc
Behavioral task

behavioral1
Sample: Loader.exe
Resource: win7-20230220-en
Malware Config

(none listed)

Targets

Target: Loader.exe
Size: 3.3MB
Hashes: identical to the General section above (MD5 aa27322c80872d70bcd3eabde5f88141, SHA256 4b08cc716f6f89415e2dc85e3c4eb626fcb9b0697f1596d5a27482b5a40d3227)

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose the hypervisor's OEM ID under HKLM\HARDWARE\ACPI\DSDT\VBOX__ (and the matching FADT and RSDT subkeys); opening or enumerating those keys is a common check for running inside VirtualBox.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments: values such as SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System carry vendor strings (VBOX, VMware, QEMU, and similar) when the machine is virtualised.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from delivering debug events to an attached debugger, which is an anti-debugging technique with little legitimate use in ordinary software.
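The three signatures above are all derivable from an API and registry trace. The following is an added example, not code from the Triage report or from the Loader.exe sample: a small matcher that re-derives those three signatures over a constructed event log. The log line format (`Api key=value ...`), the event field names and the sample lines are illustrative assumptions; the registry paths and the THREADINFOCLASS value are the documented VirtualBox and Windows ones.

```python
# Added example, not code from the Triage report or the sample: re-derive
# the report's three behavioural signatures from a constructed API trace.
# The "Api k=v k=v" line format and field names are assumptions made here.
from dataclasses import dataclass, field

# Hive aliases seen in API traces, normalised to the short form.
HIVE_ALIASES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

# VirtualBox stamps its OEM ID into the ACPI tables the guest sees.
VBOX_ACPI_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
# Firmware strings that hypervisors populate with vendor names.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = {"SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate"}
# THREADINFOCLASS ThreadHideFromDebugger
THREAD_HIDE_FROM_DEBUGGER = 0x11

REGISTRY_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "NtOpenKey", "NtQueryValueKey"}

# Constructed sample trace (not from the report): three hits and two benign calls.
SAMPLE_LOG = r"""
NtSetInformationThread handle=0xfffffffe info_class=0x11
RegOpenKeyExW key=HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System value=SystemBiosVersion
RegQueryValueExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion value=ProgramFilesDir
NtSetInformationThread handle=0xfffffffe info_class=0x02
"""


@dataclass
class Event:
    api: str
    args: dict = field(default_factory=dict)


def normalise_key(path: str) -> str:
    """Map HKEY_LOCAL_MACHINE\\... to HKLM\\... and upper-case for comparison."""
    hive, sep, rest = path.partition("\\")
    return (HIVE_ALIASES.get(hive.upper(), hive) + sep + rest).upper()


def parse_log(text: str) -> list[Event]:
    """Parse 'Api k=v k=v' lines (constructed format) into Event objects."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        args = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        events.append(Event(parts[0], args))
    return events


def match_signatures(events: list[Event]) -> list[str]:
    """Return the sorted set of signature names triggered by the trace."""
    hits = set()
    for ev in events:
        if ev.api in REGISTRY_APIS:
            key = normalise_key(ev.args.get("key", ""))
            if any(key.startswith(k.upper()) for k in VBOX_ACPI_KEYS):
                hits.add("Identifies VirtualBox via ACPI registry values")
            if key.startswith(BIOS_KEY.upper()) and ev.args.get("value") in BIOS_VALUES:
                hits.add("Checks BIOS information in registry")
        elif ev.api == "NtSetInformationThread":
            try:
                info_class = int(ev.args.get("info_class", "-1"), 0)  # "17" or "0x11"
            except ValueError:
                continue  # malformed field: skip rather than crash the matcher
            if info_class == THREAD_HIDE_FROM_DEBUGGER:
                hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return sorted(hits)


if __name__ == "__main__":
    for sig in match_signatures(parse_log(SAMPLE_LOG)):
        print(sig)
```

The ACPI and BIOS rules match on key prefixes after hive normalisation, so traces that log `HKEY_LOCAL_MACHINE` and traces that log `HKLM` are treated alike; the debugger rule keys on the information class rather than the API name alone, because NtSetInformationThread has many benign uses (the second call in the sample, class 0x02, is not flagged).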