General
-
Target
74c738ec680d1ff87c135833211a88dd
-
Size
5.9MB
-
Sample
240125-qdbkhshbak
-
MD5
74c738ec680d1ff87c135833211a88dd
-
SHA1
12040b15530b5b80de79faa122d095341c388b60
-
SHA256
bcb6d900f86664d0a97e69510c99b519f26f376316e761fadf2a8ef4f672b975
-
SHA512
a002eaf05daa6b8826fb73fe4beef075c647ceb0a59198ae223329497b92487fd2a029ad0a7c1bd13656e02d9d22506a148dbe46733b89ed675b77c8aae07ad1
-
SSDEEP
49152:VDIMT1Lr5k16MadwH/MiaK+zRHhHreL+lcTQxexi5rFN9rr1x0QDQcUhoecxyA+P:pm
Static task
static1
Behavioral task
behavioral1
Sample
74c738ec680d1ff87c135833211a88dd.exe
Resource
win7-20231215-en
Malware Config
Targets
-
-
Target
74c738ec680d1ff87c135833211a88dd
-
Size
5.9MB
-
MD5
74c738ec680d1ff87c135833211a88dd
-
SHA1
12040b15530b5b80de79faa122d095341c388b60
-
SHA256
bcb6d900f86664d0a97e69510c99b519f26f376316e761fadf2a8ef4f672b975
-
SHA512
a002eaf05daa6b8826fb73fe4beef075c647ceb0a59198ae223329497b92487fd2a029ad0a7c1bd13656e02d9d22506a148dbe46733b89ed675b77c8aae07ad1
-
SSDEEP
49152:VDIMT1Lr5k16MadwH/MiaK+zRHhHreL+lcTQxexi5rFN9rr1x0QDQcUhoecxyA+P:pm
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-