General

Target: MW3_Unlocker.exe
Size: 6.8MB
Sample: 240411-yx9knabh23
MD5: 48bc3d96299415b27b9e0729e7d1a2cc
SHA1: 97cfe1359eea93442803ca6433f7f4ae2911539f
SHA256: 4ac3e5f718c595936378e46fd4ba8c7ba310ff70a95fc06fc1a542ef7ca131e9
SHA512: e162cc12c810c97057627f6a0803ee6b6ef56bd503389dfafc528b688982ff85c3ad1afcdb0bdaf7f4fa64266faae13bc4cd4b19786afde0d53b2ee9cd8f290e
SSDEEP: 98304:YRz+EgEa8mPm6X9tutcuDtZv20Y92VcDwwOtNN/ZDxmY6dNlQTsW6BprECXh4KFF:kDuPm6rIDK0YIt/ZLONy4poyeygZCWPa
Behavioral task: behavioral1

Sample: MW3_Unlocker.exe
Resource (analysis VM image): win7-20240221-en
Malware Config: none extracted
Targets

Target: MW3_Unlocker.exe
Size: 6.8MB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed under General above.

Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox publishes its ACPI tables with the OEM ID "VBOX__", so inside a VirtualBox guest the registry contains keys such as HKLM\HARDWARE\ACPI\DSDT\VBOX__ (and the same under FADT and RSDT). Enumerating those keys is a cheap, unprivileged VM check; a hardened sandbox should rename or hide them.

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments. The values usually queried are SystemBiosVersion, VideoBiosVersion and SystemBiosDate under HKLM\HARDWARE\DESCRIPTION\System; in a stock VM they carry the hypervisor's vendor string (for example "VBOX" or "VMware").

Deletes itself
The sample removes its own executable after running. On an infected host the original file may therefore no longer be on disk, so hash matching against the IOCs above has to rely on the delivery artifact, the sandbox copy or file-creation telemetry.

Executes dropped EXE
Loads dropped DLL
Dropper behaviour: a second-stage executable and a DLL are written to disk and then started/loaded from the sample's process. The dropped files are separate artifacts with their own hashes and should be collected and analysed in their own right; the hashes on this page cover only the outer MW3_Unlocker.exe.

Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Anti-debugging: NtSetInformationThread with ThreadInformationClass = ThreadHideFromDebugger (0x11), and NtCreateThreadEx with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4) creation flag, stop the affected thread from delivering debug events to an attached debugger, so breakpoints and single-stepping in that thread silently fail. To debug such a sample, hook or patch those calls (or use a kernel/hypervisor-level debugger) before the protected threads are created.
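The signatures above are the kind of rule a sandbox fires from an API-call trace. The following is an added example, not Triage's own detection code, of how each of the seven signatures on this page could be derived from such a trace. The trace format ("<api> <arguments>" per line) and the trace lines themselves are constructed for the example and are assumed, not taken from the report; the registry paths and the constants ThreadHideFromDebugger (0x11) and THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4) are documented Windows values, and the sample path is an assumed location.

```python
"""Derive the seven signatures of this report from a (constructed) API-call trace."""
import re
from collections import defaultdict

# Assumed location of the sample inside the analysis VM.
SAMPLE_PATH = r"C:\Users\Admin\Desktop\MW3_Unlocker.exe"

# Constructed trace, one "<api> <arguments>" event per line (assumed format,
# not Triage's). It reproduces the behaviour listed on this page.
SAMPLE_TRACE = r"""
RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__
RegOpenKeyExW HKLM\HARDWARE\ACPI\FADT\VBOX__
RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
NtSetInformationThread ThreadHandle=0x1f4 ThreadInformationClass=0x11
NtCreateThreadEx ProcessHandle=0xffffffff CreateFlags=0x4
WriteFile C:\Users\Admin\AppData\Local\Temp\svc.exe
WriteFile C:\Users\Admin\AppData\Local\Temp\helper.dll
CreateProcessW C:\Users\Admin\AppData\Local\Temp\svc.exe
LoadLibraryW C:\Users\Admin\AppData\Local\Temp\helper.dll
DeleteFileW C:\Users\Admin\Desktop\MW3_Unlocker.exe
"""

# VirtualBox exposes its ACPI tables under the OEM ID VBOX__ in the guest registry.
VBOX_ACPI = re.compile(r"HKLM\\HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT)\\VBOX__", re.I)
# BIOS strings commonly read to fingerprint a hypervisor.
BIOS_KEY = re.compile(
    r"HKLM\\HARDWARE\\DESCRIPTION\\System\\(?:SystemBiosVersion|VideoBiosVersion|SystemBiosDate)",
    re.I,
)
INFO_CLASS = re.compile(r"ThreadInformationClass=0x([0-9a-f]+)", re.I)
CREATE_FLAGS = re.compile(r"CreateFlags=0x([0-9a-f]+)", re.I)

THREAD_HIDE_FROM_DEBUGGER = 0x11              # THREADINFOCLASS value
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4  # NtCreateThreadEx creation flag


def parse_trace(text):
    """Split the trace into (api, argument_string) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            api, _, args = line.partition(" ")
            events.append((api, args))
    return events


def detect(events, sample_path):
    """Return {signature name: [evidence lines]} for the signatures on this page."""
    hits = defaultdict(list)
    dropped = set()  # paths the sample wrote, i.e. dropped files
    for api, args in events:
        if api.startswith("Reg") and VBOX_ACPI.search(args):
            hits["Identifies VirtualBox via ACPI registry values (likely anti-VM)"].append(args)
        elif api.startswith("Reg") and BIOS_KEY.search(args):
            hits["Checks BIOS information in registry"].append(args)
        elif api == "NtSetInformationThread":
            m = INFO_CLASS.search(args)
            if m and int(m.group(1), 16) == THREAD_HIDE_FROM_DEBUGGER:
                hits["Suspicious use of NtSetInformationThreadHideFromDebugger"].append(args)
        elif api == "NtCreateThreadEx":
            m = CREATE_FLAGS.search(args)
            if m and int(m.group(1), 16) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
                hits["Suspicious use of NtCreateThreadExHideFromDebugger"].append(args)
        elif api == "WriteFile":
            dropped.add(args.lower())
        elif api == "CreateProcessW" and args.lower() in dropped:
            hits["Executes dropped EXE"].append(args)
        elif api == "LoadLibraryW" and args.lower() in dropped:
            hits["Loads dropped DLL"].append(args)
        elif api == "DeleteFileW" and args.lower() == sample_path.lower():
            hits["Deletes itself"].append(args)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in detect(parse_trace(SAMPLE_TRACE), SAMPLE_PATH).items():
        print(f"{name}: {len(evidence)} event(s)")
```

The "dropped" signatures only fire for paths the trace shows the sample writing first, which is what distinguishes a dropper from a program that simply loads a system DLL; the anti-debug checks test the actual class/flag value rather than the API name, since both calls are also used legitimately.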