General
-
Target
ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4
-
Size
3.4MB
-
Sample
231020-ftqn9sec4w
-
MD5
20fb5e586475341f636b916b026208ff
-
SHA1
adc20cda17f7d27e37d211b28a24dd06ca7a580c
-
SHA256
24f92c883d5db4db4c8d39d41e31e6d2715fc345a5ec6433585ce38e2c2392f4
-
SHA512
41c19075c05a66df4517a0dacce8e90eee1f1dca95f71f9d598e5e88f9928459f1157fa967089e7510cb2a81a23a3e8e7728799d183ef17c39b35edb42b70e0d
-
SSDEEP
98304:mUoz95vq28HVaKCJj1z2ge+u/3qXuD5OxBBkyWBh:jQZyahJ4g3uPIuFKayu
Behavioral task
behavioral1
Sample
ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe
Resource
win7-20230831-en
Malware Config
Targets
-
Detects DLL dropped by Raspberry Robin.
Raspberry Robin.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-