General
-
Target
login.exe
-
Size
429KB
-
Sample
240222-e19kaabe51
-
MD5
b88444cf2c03ce4efe2a1608a379ee53
-
SHA1
68d9285ee72288656c258cf9db9c564226a48ddb
-
SHA256
d70e292a21ebc5ca1675ca585bcae52a51aad4bcee9bbbaf44b0a2cc635b64c7
-
SHA512
7c9e116a417f2a15d2ca3f70b61697c9e34b6131b12221032cde9d64c41993f6f8cfa34196ed99122aa34d59159955d6362827f0d4eee1688bce465539e8d633
-
SSDEEP
12288:Zt5NpMGK6Ia5Jr4IQAvq3eSKXvVZhuwxHvh:Zt5NGGzIo3QSqOS+VZhT
Static task
static1
Behavioral task
behavioral1
Sample
login.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
login.exe
-
Size
429KB
-
MD5
b88444cf2c03ce4efe2a1608a379ee53
-
SHA1
68d9285ee72288656c258cf9db9c564226a48ddb
-
SHA256
d70e292a21ebc5ca1675ca585bcae52a51aad4bcee9bbbaf44b0a2cc635b64c7
-
SHA512
7c9e116a417f2a15d2ca3f70b61697c9e34b6131b12221032cde9d64c41993f6f8cfa34196ed99122aa34d59159955d6362827f0d4eee1688bce465539e8d633
-
SSDEEP
12288:Zt5NpMGK6Ia5Jr4IQAvq3eSKXvVZhuwxHvh:Zt5NGGzIo3QSqOS+VZhT
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-