General
-
Target
4204b9d4c4df5c4b4d67922db24f342a.exe
-
Size
3.2MB
-
Sample
240328-j4zayagb4s
-
MD5
4204b9d4c4df5c4b4d67922db24f342a
-
SHA1
9255b5e94028f3f55adda2576d60bd39452eaf08
-
SHA256
62cd7b447bdee3ec1670c92d9585e1fddbaa5d4ee824dee8f15940005bf95414
-
SHA512
0b4ed4d6397c9f34cf2c72d9c581a6e5d94eabf395da0010073b1600883dac6fcc48c1606ffee29952bd60707caf03b8a6d6cf644b2ac668306b4a418d726423
-
SSDEEP
49152:l/Ki16IscOcmroPBql2IzydQgfTzTGKr6d61YryTz3onQqHlfBrfgOtat:Ujpreg7zyWsFGd61QYoHBroO4t
Behavioral task
behavioral1
Sample
4204b9d4c4df5c4b4d67922db24f342a.exe
Resource
win7-20240220-en
Malware Config
Targets
-
-
Target
4204b9d4c4df5c4b4d67922db24f342a.exe
-
Size
3.2MB
-
MD5
4204b9d4c4df5c4b4d67922db24f342a
-
SHA1
9255b5e94028f3f55adda2576d60bd39452eaf08
-
SHA256
62cd7b447bdee3ec1670c92d9585e1fddbaa5d4ee824dee8f15940005bf95414
-
SHA512
0b4ed4d6397c9f34cf2c72d9c581a6e5d94eabf395da0010073b1600883dac6fcc48c1606ffee29952bd60707caf03b8a6d6cf644b2ac668306b4a418d726423
-
SSDEEP
49152:l/Ki16IscOcmroPBql2IzydQgfTzTGKr6d61YryTz3onQqHlfBrfgOtat:Ujpreg7zyWsFGd61QYoHBroO4t
-
Modifies firewall policy service
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-