General
-
Target
Server.exe
-
Size
7.0MB
-
Sample
230621-ygbzfsbb69
-
MD5
3f37221122467ac5f32a8c33a812e508
-
SHA1
9f6d4058292a8b46530529195e534cc4903ef2f7
-
SHA256
f513d3e038b7d1eac73eb559f334fdc7fa47ced2b542307e62154890cffff32d
-
SHA512
a0700f93329a8b20ee723dc0c2b0c43e54c25a0f0c4b9cdfe3340fa2e00c5c3d76573fa99ef31837f8f05c25266b050dd63f7d1c6a4c91c7f169643bf6ce9c16
-
SSDEEP
98304:EB2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:tcUG4raKu24YY7HVT4hV0AD6QgqKRgX
Behavioral task
behavioral1
Sample
Server.exe
Resource
win10v2004-20230621-en
Malware Config
Targets
-
-
Target
Server.exe
-
Size
7.0MB
-
MD5
3f37221122467ac5f32a8c33a812e508
-
SHA1
9f6d4058292a8b46530529195e534cc4903ef2f7
-
SHA256
f513d3e038b7d1eac73eb559f334fdc7fa47ced2b542307e62154890cffff32d
-
SHA512
a0700f93329a8b20ee723dc0c2b0c43e54c25a0f0c4b9cdfe3340fa2e00c5c3d76573fa99ef31837f8f05c25266b050dd63f7d1c6a4c91c7f169643bf6ce9c16
-
SSDEEP
98304:EB2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:tcUG4raKu24YY7HVT4hV0AD6QgqKRgX
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Modifies Windows Firewall
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-