General
Target: Library.exe
Size: 4.1MB
Sample: 240406-ac233sfg32
MD5: 04ed10d94e5cd607770eecc9aee56105
SHA1: f43752eb19d1359efcc90e8b1e7078594beed40c
SHA256: 7da1fb99de280b8baf392e8d5a62026cf709b202bf78cc74652c3f84c90c929f
SHA512: ff770a81822005bd0ff9b901cea3fc25d73daf06dafeaebf75cf2ba38841004fae6f6b102e6b34f215d1df5a647c1a398423ed32179ef1bb28b7562fa6036a27
SSDEEP: 98304:+80h5vs4SZWnzJgKSF3UPDV/KQBR8rOI4i1q3:pGVs44WntglyCQwAz
Malware Config
Targets
Target: Library.exe
Size: 4.1MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Stops running service(s)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger