General
-
Target
MW3_Unlocker (1).exe
-
Size
6.1MB
-
Sample
240409-fx2kyaba6w
-
MD5
440f3b905dfd499af206124d0375a00a
-
SHA1
c9deca63f45589c0428dcc50fb14a933a4dc13ca
-
SHA256
d26efbd37d69e8efeabb7f8f02468f92ee929567858c52e61449e7b75aee990c
-
SHA512
4eae521d741876d3a88be71e7d8d1f674a1c568979405062416b9a4a0f311d9f520ed61ee57935e8c542dd4be4a976f273bf7e2f4aba56005aaf84b49338c052
-
SSDEEP
98304:WMVjn3kaShebmkEBch4fHp5EKn5qsH8wojSHSl+fc0p7I48dsi3XkMf2:h3WcmkEgiHp5EK5qsEoK/0plIswF2
Behavioral task
behavioral1
Sample
MW3_Unlocker (1).exe
Resource
win7-20240221-en
Malware Config
Targets
-
Target
MW3_Unlocker (1).exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger