General
-
Target
TAISNAYH.exe
-
Size
4.0MB
-
Sample
240425-kyfr3shc7y
-
MD5
6197e468a842e2af45919fb19223baca
-
SHA1
f26d4642522bb3b260deda379e98b631d5b4534b
-
SHA256
c11fe57c5de22e46da19be13e40f58725b824c6eabdc1ad5b9e733cd882e962c
-
SHA512
69a657a00c15ca3e71d841717b36ead90fc9c5d2ba57155c638f5d136977537a77aebbe0778cd0bc8cb9fb58121b8d86c4a1ee6cc1dd71960da68a15c13c1d27
-
SSDEEP
98304:JBfYxlJMiUPTIrOJzUxSSw2IIgIytrlWu6GMLou0ZvglqLsVGQjdhMH:/AWiUkrOGzwUgIytrlWuFuyvgoY+
Behavioral task
behavioral1
Sample
TAISNAYH.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
TAISNAYH.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-