General
-
Target
Server.exe
-
Size
7.0MB
-
Sample
230621-yjdwtscd3z
-
MD5
a129b7e8ecea7d732b4725f2ce818140
-
SHA1
8e410cc7f859d11e81e91310262afdce9910df65
-
SHA256
44e69d70ca5a90f4fe40b974bf8593e174c2c44f254ecde01563a99c48b9950a
-
SHA512
72886fd7011dc661e117c855d255431563dcab751e059d0f821e37e1530217b23678bd7bb7f4bbd20772defa5b7137518dc0d9effec7fe56945416664854de90
-
SSDEEP
98304:xB2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:acUG4raKu24YY7HVT4hV0AD6QgqKRgX
Behavioral task
behavioral1
Sample
Server.exe
Resource
win10v2004-20230621-en
Malware Config
Targets
-
-
Target
Server.exe
-
Size
7.0MB
-
MD5
a129b7e8ecea7d732b4725f2ce818140
-
SHA1
8e410cc7f859d11e81e91310262afdce9910df65
-
SHA256
44e69d70ca5a90f4fe40b974bf8593e174c2c44f254ecde01563a99c48b9950a
-
SHA512
72886fd7011dc661e117c855d255431563dcab751e059d0f821e37e1530217b23678bd7bb7f4bbd20772defa5b7137518dc0d9effec7fe56945416664854de90
-
SSDEEP
98304:xB2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:acUG4raKu24YY7HVT4hV0AD6QgqKRgX
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Modifies Windows Firewall
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-