General
-
Target
B4495E11AACF8D20A0161000749817DB.exe
-
Size
3.1MB
-
Sample
230330-yezyhafd9v
-
MD5
b4495e11aacf8d20a0161000749817db
-
SHA1
02a504731b41172614ee8790a287bc99f7800540
-
SHA256
86e72cc0456f4f34626f6e37c8b17e4ba7b6d98dbf777d4cebfc379d9ae6a4b2
-
SHA512
f08c4b2df291ba19671c58b8072b0ac2d392569c7ad5e676857fe7f622dd8984850ba664fe5b936197f894da83408786f4f5f4abf383b66ff9fa5970db40180c
-
SSDEEP
49152:ki/BUmEi8As05+KXwz5ZOcjJW75nRMhk3Ujj852v2GyfM+SINfvVKm0xm+8VYf:kiZ18AsrcwbSMhXYzGyuINUg+8Vk
Behavioral task
behavioral1
Sample
B4495E11AACF8D20A0161000749817DB.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
B4495E11AACF8D20A0161000749817DB.exe
-
Size
3.1MB
-
MD5
b4495e11aacf8d20a0161000749817db
-
SHA1
02a504731b41172614ee8790a287bc99f7800540
-
SHA256
86e72cc0456f4f34626f6e37c8b17e4ba7b6d98dbf777d4cebfc379d9ae6a4b2
-
SHA512
f08c4b2df291ba19671c58b8072b0ac2d392569c7ad5e676857fe7f622dd8984850ba664fe5b936197f894da83408786f4f5f4abf383b66ff9fa5970db40180c
-
SSDEEP
49152:ki/BUmEi8As05+KXwz5ZOcjJW75nRMhk3Ujj852v2GyfM+SINfvVKm0xm+8VYf:kiZ18AsrcwbSMhXYzGyuINUg+8Vk
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-