General
Target: CUMMINS INSITE 8.7 Pro.rar
Size: 5.1MB
Sample: 240425-kgk1gahb6v
MD5: 68b3de20095dda98167dc2cfe1368986
SHA1: 8ec341145b3feafc6bdf42e33ad15729099d0e41
SHA256: c2b9998b798219e8966f25a04411b3910ca1b2901ac8e5e1fde29950264cc6e0
SHA512: 49231e5138bb4a543956d33956294638f57f3be540516eff61640a3e0781f0673df14a32b779543fa971fddbc634027d9d861738f7631fd71d1c54c4de7f257d
SSDEEP: 98304:++WUgrcH4z0nZPdCJRwmyx3xQ0S4V7T9c2RCQXfgIyF23xwpVF0/XbEEdgZDiPRa:++Gr+ZlC4mGvV7b5x3gg/bEKR+1Nelc
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: CUMMINS INSITE 8.7 Pro.rar
  Resource: win10v2004-20240412-en
Behavioral task: behavioral2
  Sample: CUMMINS INSITE 8.7 Pro/INSITE 8.7 Pro.exe
  Resource: win10v2004-20240412-en
Malware Config

Targets
Target: CUMMINS INSITE 8.7 Pro.rar
Size: 5.1MB
MD5, SHA1, SHA256, SHA512, SSDEEP: as listed under General
Score: 3/10
Target: CUMMINS INSITE 8.7 Pro/INSITE 8.7 Pro.exe
Size: 5.1MB
MD5: a90c789176cf3aa4fbeb1541758e7001
SHA1: 89746901191b074d7b36ef7c17c01017a7ad9f66
SHA256: f5986e91f714b4f3736ee40a0e197203552034ec956b797b779decfce8e20d5b
SHA512: eb86d922e9d96825a3c9aaf003ff2a70ab7534b5276417ae6d0bfbb2322b4f2126e849aed6671d88c31561095d03e912c593c61acad4e03a3880ba3d6b3b844c
SSDEEP: 98304:HKVf4M+N3gKCai9IiNFeMBAyKdpuYQmmGLQeAjMMtmr6EnQgyxcdxU:qVYiai/FeLpSmmiemr6hxedx
Score: 9/10
Signatures (INSITE 8.7 Pro.exe):
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger