General
-
Target
28f582d03477d3d89ea92d7cf093a0b6f7f4c97c23ffe4f49fe5cca25f34e260
-
Size
8.9MB
-
Sample
240420-g5ea2sbc2w
-
MD5
f281abd8226e385f65dba548ceeb6880
-
SHA1
30e3ac41b5cc46e0f05dd376f1ef5a8fcd578f59
-
SHA256
28f582d03477d3d89ea92d7cf093a0b6f7f4c97c23ffe4f49fe5cca25f34e260
-
SHA512
e9d909a2a56417ace8c406a503b3b6347c56f1e69799a4a540886bfcd9d7296e050ade08be3bec3f4694331ce192a73cd0f54d3256150199a4b5cbcbdfa1bc4f
-
SSDEEP
196608:41O9+q/coflcLhLz41UglDDP1qRfQuobWdbmJ6H++f:41lq/Z0vYDZqRIbibD3
Static task
static1
Behavioral task
behavioral1
Sample
28f582d03477d3d89ea92d7cf093a0b6f7f4c97c23ffe4f49fe5cca25f34e260.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
28f582d03477d3d89ea92d7cf093a0b6f7f4c97c23ffe4f49fe5cca25f34e260
-
Size
8.9MB
-
MD5
f281abd8226e385f65dba548ceeb6880
-
SHA1
30e3ac41b5cc46e0f05dd376f1ef5a8fcd578f59
-
SHA256
28f582d03477d3d89ea92d7cf093a0b6f7f4c97c23ffe4f49fe5cca25f34e260
-
SHA512
e9d909a2a56417ace8c406a503b3b6347c56f1e69799a4a540886bfcd9d7296e050ade08be3bec3f4694331ce192a73cd0f54d3256150199a4b5cbcbdfa1bc4f
-
SSDEEP
196608:41O9+q/coflcLhLz41UglDDP1qRfQuobWdbmJ6H++f:41lq/Z0vYDZqRIbibD3
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-