General
Target: SpooferV1.zip
Size: 5.3MB
Sample: 240404-yxtjfahb51
MD5: 94ff81bbf82b285d8be0088d4daaec22
SHA1: c6d9b728b14181d65a1a013f2b79345850b73634
SHA256: 138cc746e59177562ebd9e423e34fb642533b7c848c6b97c262e694625426425
SHA512: 8f9713afca4cfc57ddfeb238908fb5f9823544526434de9f7fd12dc43cf070f5b7c4f16031502e9d00f4ac46cce00c2eb162f1fdff224485036ce65c6b0b02aa
SSDEEP: 98304:d2JlPICxZiLrznfU6p17PISBpf8R934IGBZteZX+GIhrVZODMG65VtziyyfgomP0:d2JeCSDfVbISi2ISbubErHOfEdifgom8

Behavioral task: behavioral1
Sample: SpooferV1.exe
Resource: win10v2004-20240319-fr

Malware Config

Targets
Target: SpooferV1.exe
Size: 101KB
MD5: d40d70252d42764cdf128222c211fb67
SHA1: 91915d020dd32309266342dbe733393838a6a6f0
SHA256: 6c2059f0321eab846ae86da008a2227179c0afb5920036e9ea8389009670aeb9
SHA512: 6a73ca112052475e48011d59a1cc1515a9ca93fc2e28bbe9f99170be31a74f8ee1a15c895954dc79ae7223cb14f661d5bf9eeead93aa8934c7777112db71b4fc
SSDEEP: 1536:37fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfqwxWS43OgwOQ:r7DhdC6kzWypvaQ0FxyNTBfqdHOl
Score: 10/10

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger