General
Target: VMware.Workstation.Pro.v16.exe
Size: 328.5MB
Sample: 230329-xd9kwahd95
MD5: 6099b0f0bc28904e304848777f7967d2
SHA1: e0d8b209ce963c96211fa56633ca097d712d8239
SHA256: d1dadb84b8c917f0b82a60cc82804561c7b2b3ebb5b6871eff51e7d7e85d6a31
SHA512: d88cc596a0018d45785933fefe18f052cb91c39b94a56382db3e177cabd964c16390baba66b7412603bd6c766fbb9a7053bccc50d482f3a65c6cee8d984ebbc5
SSDEEP: 6291456:jDLtK27WVZnK0K0RQ8nTwtPL+SdwcV6LkZuaOO052ZVA701uAWXjU:jHtqVZnK0K2a+pcV6a052c+uLjU
Static task: static1
Behavioral task: behavioral1
Sample: VMware.Workstation.Pro.v16.exe
Resource: win10v2004-20230220-de
Malware Config
Targets
Target: VMware.Workstation.Pro.v16.exe
Size: 328.5MB
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger