General
- Target: 0fb4b6601e5d5ca3901a1f3354a6ebf472490e6035657ae28889d481aad9ce94.exe
- Size: 28.6MB
- Sample: 230330-yq59nafe5w
- MD5: 1484c0b90a64e7fa06a87424c8f8fa8c
- SHA1: a4d394a55d2cf293f0e91d85bc0ab80ec0a78e22
- SHA256: 0fb4b6601e5d5ca3901a1f3354a6ebf472490e6035657ae28889d481aad9ce94
- SHA512: 2b6bdcbbc801d9a81977ef1fa6cde51300a860f6bc9647bf2d5de2b1182e500a24129afcac2422bf281e32c0d2028c16f97a11749071b2dc24f38a8d3d401963
- SSDEEP: 393216:rdIBZrXryiC8fnImV1zIKr/lGONwfKYBGilL0XCM+14x/t7MXGMoNlNXX5YJmgHu:rMVBHkKBvNA8DS477bNlNXXpgHvg9gY
Static task: static1
Behavioral task: behavioral1
- Sample: 0fb4b6601e5d5ca3901a1f3354a6ebf472490e6035657ae28889d481aad9ce94.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 0fb4b6601e5d5ca3901a1f3354a6ebf472490e6035657ae28889d481aad9ce94.exe
- Resource: win10v2004-20230220-en
Malware Config
Targets
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Creates new service(s)
- Modifies Windows Firewall
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger