General
- Target: Notepad++.exe
- Size: 9.3MB
- Sample: 230331-wtq8ssdf6t
- MD5: 72d3de3eea3c1a7039395f2914c3307c
- SHA1: ca62f58c31e3332cfe7a89840bc2e2f27b03fca0
- SHA256: ff9b36255a9b8bfe5e2a87bcb3b964005731b9789200168ab65d4352bcc20d1f
- SHA512: 086d96ea04086d4377383f8bed62de30aab513b628903130d2c184e2b2f6ffcac6214fdd2784f4fc45cd3c368027052b443a61bed3ea4b7754d6f55261adbae1
- SSDEEP: 196608:lGg6ivJJOI/uCSV7nhJXkzpVmUTt58g3VYfNKBTqGr87u:wgHvmrVzh22Ur3VOKnr7
Behavioral task: behavioral1
- Sample: Notepad++.exe
- Resource: win7-20230220-en
Malware Config
Targets
- Target: Notepad++.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger