General
-
Target
tmp
-
Size
5.5MB
-
Sample
230911-vpn27shc6s
-
MD5
a92a908cae30b9b020244bedf61a1dd4
-
SHA1
a45bf660ae267b2c8027327b2b97c61faa88d9ae
-
SHA256
ae14b287be4c2cb072802d65693beeb9efecefd6e6de5994abe49546b8ca0308
-
SHA512
beab8787db9e978c0db067f0cbc2acff56033f1343bbde5ed6ff364b9ce241cdac00c33f66e799ad6a693a7dd7eb54274c11010fa4c087b18a31fb408cd10fba
-
SSDEEP
98304:pHrMX3ZbN6mocwdMpXYI6A2XwY0o7r5QBa2lAo3WTsKVnd/9lSD/WFIxUBzqHy:1MnZZPocwGpoRRXwY9rb2moBKVd/9lEJ
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230831-en
Malware Config
Targets
-
-
Target
tmp
-
Size
5.5MB
-
MD5
a92a908cae30b9b020244bedf61a1dd4
-
SHA1
a45bf660ae267b2c8027327b2b97c61faa88d9ae
-
SHA256
ae14b287be4c2cb072802d65693beeb9efecefd6e6de5994abe49546b8ca0308
-
SHA512
beab8787db9e978c0db067f0cbc2acff56033f1343bbde5ed6ff364b9ce241cdac00c33f66e799ad6a693a7dd7eb54274c11010fa4c087b18a31fb408cd10fba
-
SSDEEP
98304:pHrMX3ZbN6mocwdMpXYI6A2XwY0o7r5QBa2lAo3WTsKVnd/9lSD/WFIxUBzqHy:1MnZZPocwGpoRRXwY9rb2moBKVd/9lEJ
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-