General

Target: 53cbb87ebcaa51046685c3cf18d70f17.exe
Size: 2.2MB
Sample: 240111-y12zzsgdf5
MD5: 53cbb87ebcaa51046685c3cf18d70f17
SHA1: 351a2d586999aebd22f895c03365ac7020fca260
SHA256: d49272abf8c1105c2808ccc5bb616e49c384e92f2e33491af1e402340a6bd0c6
SHA512: 587e4e5b68583474713bd7f5d631956839659e212c1cff315557cdfdfc2b5bc15052666dec3c8e99b50d9026b2c7a79ddc965839bc96db95abe045a5299b4b45
SSDEEP: 49152:X0V0NmpIsPw//BM8xDfsKf9G/qhFviFEtPGAsY17esnI8QvTvSDMgu52JAlHuoRc:kV0NoIsPw//BBxDVGyUEdNVnuTvSD8eN

Static task: static1
Behavioral task: behavioral1
Sample: 53cbb87ebcaa51046685c3cf18d70f17.exe
Resource: win7-20231215-en

Malware Config

Targets

Target: 53cbb87ebcaa51046685c3cf18d70f17.exe
Signatures

- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox registers its ACPI tables under HKLM\HARDWARE\ACPI with the OEM ID VBOX__, so looking those keys up is a common virtual-machine check.
- Checks BIOS information in registry
  BIOS information (for example the SystemBiosVersion and VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments, since a virtualised BIOS usually carries the hypervisor vendor's string (VirtualBox reports VBOX).
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; Wine-specific keys such as HKCU\Software\Wine do not exist on a real Windows install.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) detaches the target thread (usually the calling thread) from any attached debugger, so it no longer delivers debug events; this is a classic anti-debugging technique.
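As an added example that is not part of the sandbox report and not the sandbox's own rule set, the script below shows how the four anti-analysis signatures listed above can be expressed as detection rules and run over an API trace. The trace format (pid|api|arg|arg) and the sample lines are constructed for this example, and the registry paths are the locations these checks are commonly known to probe, not paths the report itself lists.

```python
"""
Added example, not part of the original sandbox report: maps registry and
thread-API activity to the anti-analysis signatures in the report.  The
trace format (pid|api|arg|arg) and the sample lines are constructed for this
example; the key paths are assumptions about what each check probes.
"""

# Signature names as they appear in the report.
SIG_VBOX = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_WINE = "Identifies Wine through registry keys"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# THREADINFOCLASS value of ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry locations each check is assumed to probe (assumption for this example).
VBOX_ACPI_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
BIOS_VALUES = (
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosDate",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
)
WINE_KEYS = (
    r"HKCU\Software\Wine",
    r"HKLM\Software\Wine",
)

_HIVE_ALIASES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def normalize_key(path: str) -> str:
    """Upper-case a registry path and unify separators and hive spelling."""
    path = path.replace("/", "\\").strip("\\")
    hive, _, rest = path.partition("\\")
    hive = _HIVE_ALIASES.get(hive.upper(), hive.upper())
    return hive + ("\\" + rest.upper() if rest else "")


def is_under(path: str, prefixes) -> bool:
    """True if path equals one of the prefixes or lies beneath it."""
    p = normalize_key(path)
    for prefix in prefixes:
        q = normalize_key(prefix)
        if p == q or p.startswith(q + "\\"):
            return True
    return False


def classify_event(fields):
    """Return the signature name a single trace event triggers, or None."""
    api, args = fields[1], fields[2:]
    if api.startswith("Reg") and args:
        key = args[0]
        value = args[1] if len(args) > 1 else ""
        # A value query is matched on key\value; a key open on the key alone.
        value_path = key + "\\" + value if value else key
        if is_under(key, VBOX_ACPI_KEYS):
            return SIG_VBOX
        if value and is_under(value_path, BIOS_VALUES):
            return SIG_BIOS
        if is_under(key, WINE_KEYS):
            return SIG_WINE
    elif api in ("NtSetInformationThread", "ZwSetInformationThread") and len(args) >= 2:
        try:
            info_class = int(args[1], 0)  # accepts both "17" and "0x11"
        except ValueError:
            return None
        if info_class == THREAD_HIDE_FROM_DEBUGGER:
            return SIG_HIDE
    return None


def classify_trace(lines):
    """Map each triggered signature to the trace lines that triggered it."""
    hits = {}
    for line in lines:
        fields = line.strip().split("|")
        if len(fields) < 2:
            continue
        sig = classify_event(fields)
        if sig is not None:
            hits.setdefault(sig, []).append(line)
    return hits


# Constructed trace in the invented pid|api|arg|arg format.
SAMPLE_TRACE = [
    r"1234|RegOpenKeyExW|HKLM\HARDWARE\ACPI\DSDT\VBOX__|",
    r"1234|RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System|SystemBiosVersion",
    r"1234|RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System|VideoBiosVersion",
    r"1234|RegOpenKeyExW|HKEY_CURRENT_USER\Software\Wine|",
    r"1234|NtSetInformationThread|0xfffffffe|0x11",
    r"1234|NtSetInformationThread|0xfffffffe|0x0",
    r"1234|RegOpenKeyExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|",
]

if __name__ == "__main__":
    for sig, lines in classify_trace(SAMPLE_TRACE).items():
        print(f"{sig}: {len(lines)} event(s)")
```

The prefix match in `is_under` is what lets one rule cover subkeys (HKCU\Software\Wine\Drives still counts as a Wine lookup), while the BIOS rule deliberately requires a value name so that merely opening HKLM\HARDWARE\DESCRIPTION\System, which plenty of benign software does, is not flagged. Only the ThreadHideFromDebugger information class is treated as suspicious; other NtSetInformationThread calls are ignored.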