General
- Target: file.exe
- Size: 2.8MB
- Sample: 231031-rvpn5sca77
- MD5: 2fdc0b7c0abb0f36fd640c7b57fdd074
- SHA1: e59816247aae7b06218e5a2a0969f0580a9c93a9
- SHA256: 1d8f6bb53fb3bf0122803f53d768746f1c21e3c82547179d84a439f5ba09cb50
- SHA512: 1948271f619d8ced6778957b58432264a50518166a42dc3de14784b7f47616bf631deac27b5eb10e9ad91cc86e00856970c80dab8d189d46f729ce17ca1e6f5f
- SSDEEP: 49152:5GBK4xl0vOH3w/0BdRchURPdbXJj+O4YegH6nItGEBEYQPzmMHU+Atmvd07P:aHxlmmeQohedbXZVaItdBEYUzmYjv
Behavioral task: behavioral1
- Sample: file.exe
- Resource (analysis VM image): win7-20231025-en
Malware Config
Targets
- file.exe, 2.8MB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  On a VirtualBox guest the ACPI table keys under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT) carry a VirtualBox-specific table ID (VBOX__). Opening those keys is a common VM check, but hardware-inventory code reads them too, hence "likely".
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments. The usual values are SystemBiosVersion, VideoBiosVersion and SystemBiosDate under HKLM\HARDWARE\DESCRIPTION\System, which on unmodified VM images typically contain strings such as VBOX or VMWARE.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  The hit records lookups of well-known wallet locations under the user profile. On a clean analysis image those directories typically do not exist, so the signature reflects intent rather than data actually read.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node counterpart) to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11) stops debug events from that thread being delivered to an attached debugger. It has few legitimate uses and is a standard anti-debugging technique.
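The following is an added example, not code from the sandbox report or its vendor: a small rule set that maps raw sandbox events (registry opens, file opens, native API calls) to the five signature names listed above, returning the evidence behind each hit. The event line format, the process ID and the event contents are constructed for this demo; the registry paths, wallet locations and the 0x11 information class are the conventional artefacts such checks key on and are assumptions here, since the report itself lists only the signature names.

```python
import re
from collections import defaultdict

# Assumed artefacts each signature keys on (the report lists only signature names).
VBOX_ACPI_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
BIOS_VALUES = (
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosDate",
)
UNINSTALL_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
)
# A small, assumed subset of wallet locations under %APPDATA%.
WALLET_PATH_FRAGMENTS = (
    r"\Electrum\wallets", r"\Exodus\exodus.wallet",
    r"\Bitcoin\wallets", r"\Ethereum\keystore",
)
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value for ThreadHideFromDebugger

SIG_VBOX = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_WALLET = "Accesses cryptocurrency files/wallets, possible credential harvesting"
SIG_UNINSTALL = "Checks installed software on the system"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# Constructed event format: <kind> key=value key="quoted value" ...
EVENT_RE = re.compile(r"^(?P<kind>\w+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_event(line):
    """Parse one event line into (kind, {field: value}); None if malformed."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    fields = {k: (q if q else u) for k, _, q, u in KV_RE.findall(m.group("rest"))}
    return m.group("kind"), fields


def _starts_with_any(value, prefixes):
    v = value.lower()
    return any(v.startswith(p.lower()) for p in prefixes)


def match_signatures(events):
    """Return {signature_name: [evidence, ...]} for every rule that fires."""
    hits = defaultdict(list)
    for line in events:
        parsed = parse_event(line)
        if parsed is None:
            continue
        kind, f = parsed
        if kind in ("reg_open", "reg_read"):
            key = f.get("key", "")
            if _starts_with_any(key, VBOX_ACPI_KEYS):
                hits[SIG_VBOX].append(key)
            if _starts_with_any(key, BIOS_VALUES):
                hits[SIG_BIOS].append(key)
            if _starts_with_any(key, UNINSTALL_KEYS):
                hits[SIG_UNINSTALL].append(key)
        elif kind == "file_open":
            # Status is deliberately ignored: the lookup itself is the signal,
            # and on a clean image the wallet directory is usually absent.
            path = f.get("path", "")
            if any(frag.lower() in path.lower() for frag in WALLET_PATH_FRAGMENTS):
                hits[SIG_WALLET].append(path)
        elif kind == "api_call" and f.get("name") == "NtSetInformationThread":
            try:
                cls = int(f.get("class", "-1"), 0)  # accepts 0x11 or 17
            except ValueError:
                continue
            if cls == THREAD_HIDE_FROM_DEBUGGER:  # other classes (priority etc.) are benign
                hits[SIG_HIDE].append(f"class=0x{cls:x}")
    return dict(hits)


# Constructed sample events for this example, not taken from the report.
SAMPLE_EVENTS = [
    r'reg_open pid=2480 key="HKLM\HARDWARE\ACPI\DSDT\VBOX__"',
    r'reg_read pid=2480 key="HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"',
    r'reg_read pid=2480 key="HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"',
    r'reg_open pid=2480 key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeProduct"',
    r'file_open pid=2480 path="C:\Users\Admin\AppData\Roaming\Electrum\wallets\default_wallet" status=NOT_FOUND',
    r'api_call pid=2480 name=NtSetInformationThread class=0x11',
    r'api_call pid=2480 name=NtSetInformationThread class=0x2',
    r'reg_read pid=2480 key="HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"',
]

if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}\n  " + "\n  ".join(evidence))
```

Each rule returns evidence rather than a verdict, which is what a triage analyst needs: the VirtualBox and BIOS hits are only "likely" anti-VM because inventory and licensing code reads the same keys, and the NtSetInformationThread rule fires on the 0x11 class alone so that ordinary priority changes through the same call do not count.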