General
Target: Origin Spoofer.exe
Size: 5.9MB
Sample: 240409-t1q59sfg4z
MD5: 23b9965c9fce686675f192a4797a11ea
SHA1: 54a5aed0c51b6c982baec46e6e340e2c2668f746
SHA256: bf9b5cb372635440e959c22ca0dbdb817c8790bd44c87cdc97dd053b592cb4df
SHA512: c42fc0f8bb2240f2ca42bd2f374a963ddfc091c4ad09ebef802a2a5c6f2ce9ebf84d08d6e6e809e0f1a4fe6c12c8f587d41a6457e3b4a81d7feedde3427e16f7
SSDEEP: 98304:gJDqy911KEyyccqUosaCQ4RLKvhYGGOJ4vxnpX8pvIfqDfVvALTLV4h0Z9X1+w5Z:gJOy91rfaUoEQGOUxmRZv6Xm0Pl+w5nZ
Behavioral task: behavioral1
Sample: Origin Spoofer.exe
Resource: win7-20240221-en
Malware Config
Targets
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Suspicious use of NtSetInformationThreadHideFromDebugger