General
-
Target
Server.exe
-
Size
7.0MB
-
Sample
230621-ym2gascd4y
-
MD5
5bad0b5c7d840efbf37d886f5b51d9ee
-
SHA1
58ab9ac2359808cb8db60b7f85df3397f9355ac8
-
SHA256
0d32c69169a37902b2c1390b37e9039fe50ddb2f4c74f7f0e91538fe8158150d
-
SHA512
67633aa674e44a371f2ca3edb856af6cdf965a29901225af2ccdfc3f9d9658ccb71cb418c0a7502eac9f7b112dcbd0b0370c78aae04c9d17d7edd26009e26664
-
SSDEEP
98304:LB2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:wcUG4raKu24YY7HVT4hV0AD6QgqKRgX
Behavioral task
behavioral1
Sample
Server.exe
Resource
win10v2004-20230621-en
Malware Config
Targets
-
-
Target
Server.exe
-
Size
7.0MB
-
MD5
5bad0b5c7d840efbf37d886f5b51d9ee
-
SHA1
58ab9ac2359808cb8db60b7f85df3397f9355ac8
-
SHA256
0d32c69169a37902b2c1390b37e9039fe50ddb2f4c74f7f0e91538fe8158150d
-
SHA512
67633aa674e44a371f2ca3edb856af6cdf965a29901225af2ccdfc3f9d9658ccb71cb418c0a7502eac9f7b112dcbd0b0370c78aae04c9d17d7edd26009e26664
-
SSDEEP
98304:LB2pC6XG4HNkq5UKPhc24Y1/QPldHVTgPNhV0ADXqQgpkWDRIZVMnu0jjD8ueJU:wcUG4raKu24YY7HVT4hV0AD6QgqKRgX
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Modifies Windows Firewall
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-