General
- Target: SeroXenPTO.rar
- Size: 49.5MB
- Sample: 240330-3htywahg95
- MD5: 540f399062f2e223ff671c7d80eb2474
- SHA1: a2027ca68b1703e03a836d8e563b4770d29c5391
- SHA256: 8ae0f170187701c391a7ef44d957dde423be508bff66e13ad7e375153230011a
- SHA512: c47555a5501eb029d390711fec1cb747378e1cfd7d0f968e574295805ac2de58e509cf79ff3da8ddbe94e94e4304e6b39b28acb2a179ef6222c41bed62c894c2
- SSDEEP: 1572864:uMVF3K/MX3oMWm5c/NrsDL2ZVbdo/Wk+jgIg:132pm5O1ILqc/Wnng
Behavioral task: behavioral1
- Sample: SeroXenPTO/SeroXen.exe
- Resource: win7-20240221-en
Malware Config

Targets
- Target: SeroXenPTO/SeroXen.exe
- Size: 38.6MB
- MD5: 89a7d73bad622bbd0b9dfb8e80f8c42e
- SHA1: f1ac96f1d956254c6b2209f457355da89c987d8f
- SHA256: 7cb37cd110a388998ce95819da915446331f614a5da8d5cfeed953812ada23f1
- SHA512: 760e8e7087ac107ec9e12caaa26968142ddd62ddd82d0e6abfcaa35de8f03917323e97147e72b63fb3dca27756726f4f8fa68f89f9e5acc70898c4c4b0a7bdd0
- SSDEEP: 786432:anvEMOXrlkmTo5oJqpP2jXHUOqL4UoncLbd+fMY4RPHpHCpqBa4CE:anMMIrX05LsT0OqL4Uocd+fM/PlCpqcE

- Quasar payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger