General
- Target: SecuriteInfo.com.Win64.Evo-gen.28136.30716.exe
- Size: 4.1MB
- Sample: 240412-nljvraaa66
- MD5: e636b1cca5d4a405df0f618b73c2df0a
- SHA1: 7f5e0a87ef7952693e454fdd4e303d292fe4397f
- SHA256: 1e1db7c0d0c0e06f59ea26fc0e74c240873594c7c590fd9f3e4f34ecb1408213
- SHA512: d661be8b75320072b7bb9a28c7d08737863d0506062b6260ece4171bb6047fd391300ed56e5363bd852f1789eed0e00f23af5a47dcecbf8de4575c7b875cffec
- SSDEEP: 98304:h4zguqIX/Z8E5wzOxkAAHmY8obinW9GkQlGpBjpqhXHphaRR:h4zguZX6EaOKAAL8w8W9XrjYh3phaRR
Behavioral task
- behavioral1
  - Sample: SecuriteInfo.com.Win64.Evo-gen.28136.30716.exe
  - Resource: win7-20240221-en
Malware Config
Targets
- Modifies firewall policy service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger