General
  Target: Yams_Services_External.exe
  Size: 3.5MB
  Sample: 230330-w1bfxsfc2y
  MD5: 4240b6c1ab4629acc3927253194bb347
  SHA1: 2dd45eca03940f3ec406a41dab511aff46b12f28
  SHA256: d3084cfdaaddce936b27ab95f651c27633938ae844b7858d3871bbc56b4437b2
  SHA512: 4998f70111505b755710b2eafd13e2c52b95ab68cdd15ab82c4d6b46c0388a0d72b03206b2074364a824c3e92265c4c6c34083b8e876c7b1f41e02d5818be435
  SSDEEP: 98304:aJcv8AMTa1spzA7IcKgoUxdu+/y8QTrCsGT:e0EA7X4Uxdx/y8dT
Behavioral task: behavioral1
  Sample: Yams_Services_External.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: Yams_Services_External.exe
  Resource: win10v2004-20230220-en
Malware Config

Targets
  Target: Yams_Services_External.exe
  Size: 3.5MB
  MD5: 4240b6c1ab4629acc3927253194bb347
  SHA1: 2dd45eca03940f3ec406a41dab511aff46b12f28
  SHA256: d3084cfdaaddce936b27ab95f651c27633938ae844b7858d3871bbc56b4437b2
  SHA512: 4998f70111505b755710b2eafd13e2c52b95ab68cdd15ab82c4d6b46c0388a0d72b03206b2074364a824c3e92265c4c6c34083b8e876c7b1f41e02d5818be435
  SSDEEP: 98304:aJcv8AMTa1spzA7IcKgoUxdu+/y8QTrCsGT:e0EA7X4Uxdx/y8dT
  Score: 9/10
  Signatures:
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Downloads MZ/PE file
    - Sets service image path in registry
    - Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of NtSetInformationThreadHideFromDebugger