General
- Target: f8ccf655e416a26391fe937325abedc3b440a0c8633890e3db67138b0e880f48
- Size: 9.0MB
- Sample: 240420-g5cgfsae64
- MD5: 7ab0d6855e98c95ba7e0078d4f84c507
- SHA1: 801bdb9f4336061e2d691fc602cf7ed23bcf79cc
- SHA256: f8ccf655e416a26391fe937325abedc3b440a0c8633890e3db67138b0e880f48
- SHA512: 20665ab8623cf24cf1780b0762560bc4d8756bce04c4bf03af7fe0f7968b335730b399a88c2907ac15d6703b4df6101f3787bfe2493ece929dbb23d0e69d2234
- SSDEEP: 196608:DCbBGw80criwuyqu/r8mjYKCWw8mGkzF4hCmU/NJpqg/phlQB+N:DC2cPyqu/reKGvGkGChNjqGhlg+N
- Static task: static1
- Behavioral task: behavioral1
- Sample: f8ccf655e416a26391fe937325abedc3b440a0c8633890e3db67138b0e880f48.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger