General
- Target: d5c0d9e9b7ab82909616db51853f52fb.exe
- Size: 6.1MB
- Sample: 231219-mm8d3afbf9
- MD5: d5c0d9e9b7ab82909616db51853f52fb
- SHA1: 260d62353d3d57326b9e88bfc61384d47d2ed58d
- SHA256: 28a2f06c05fc57ff938deaf782e23986962785e947fb7922454779d33b0c9a84
- SHA512: 9c1603e6c96695f251573196e2013904f4cd858ff6617cc6948253b0aa345597e8932ef68fce2f3169eb95b7c8de24be3046c1f171ea64649256d8619a55d49d
- SSDEEP: 196608:qDvaZfDkVDSeTmU968Yiblh941pH8zabv:q+ZfCSCmT8YiBh2pcz2
Static task: static1
Behavioral task: behavioral1
- Sample: d5c0d9e9b7ab82909616db51853f52fb.exe
- Resource: win7-20231129-en
Malware Config
Targets
- Target: d5c0d9e9b7ab82909616db51853f52fb.exe (6.1MB; hashes as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger