General
- Target: 37aef611ec814af2cdcfa198e200cb21ecb46caa30f84d0221a47db1265b889d.exe
- Size: 4.8MB
- Sample: 240413-bgtsyacc3x
- MD5: d15459e9b9d12244a57809bc383b2757
- SHA1: 4b41e6b5aa4f88fdf455030db94197d465de993a
- SHA256: 37aef611ec814af2cdcfa198e200cb21ecb46caa30f84d0221a47db1265b889d
- SHA512: 40558644ca9918b84a9438a3a2c4d85a97ddec378aed23756e14c57351d4b4c82d6316add1e62243826328e42c766784cee5d6cae41c6fa6c43864f5097a239c
- SSDEEP: 98304:AZ5VfUpCCTIDsAi8LXS2vwJ1EbfdOq5elO:Axf8ivmOfdOq5elO
Behavioral task: behavioral1
- Sample: 37aef611ec814af2cdcfa198e200cb21ecb46caa30f84d0221a47db1265b889d.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: 37aef611ec814af2cdcfa198e200cb21ecb46caa30f84d0221a47db1265b889d.exe
- Modifies firewall policy service
- Detects executables packed with Themida
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger