General
Target: DZKJ-1.0.0.52.exe
Size: 14.8MB
Sample: 240221-r4nhfahh57
MD5: 7d94503119588f1e769d1a871a949969
SHA1: d31a2fcb9fa635b7ca9cda8b6a239815a6645dcd
SHA256: dcb378e8645acb7a8c2be0f51f9c9c125044659a73390d524accb96772f79a16
SHA512: cc1b52450d9623d6766320cc80346fe6e8e00f669b2a3f7fd8ab95e5c610803d66457e886e62dff371421982dd21c259159eb5a0907c94562f018e816e3dd95f
SSDEEP: 196608:WgA3UoPtKLBSIkMmf5XPmImn/2gpi08QukGZl9lEL38NlxgjewYk1jrMX+5j6txW:pAkolIBShMwu+2ukmoKlxgjewXmxB35m

Behavioral task: behavioral1
Sample: DZKJ-1.0.0.52.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: DZKJ-1.0.0.52.exe
Resource: win10v2004-20240221-en
Malware Config
Targets
Target: DZKJ-1.0.0.52.exe
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger