General
- Target: loader.zip
- Size: 4.0MB
- Sample: 240425-z9fnsafb79
- MD5: 2ec5fb0a59b69773c91a6e0582deb4e4
- SHA1: 5fb166defd730ca89aa6298f1bd97395f010a3d5
- SHA256: a1598a7a0a5c1d0b8f1ae301c9a3c53f8f77ac4c03367f4e17323fe4987a6151
- SHA512: 39a7f40dbe00be4f8420661f1258d7d293641d2d020b0e703e7fffb98fa2bd90b1f1ffb934d40540820e89be37b133242ded5168aeb293c0043a5812047dfc0d
- SSDEEP: 98304:OyuYdrs3TfDoraUTHIQeNWPrTPt+lL0SB6NB:Fldw3rMFTHIJA3Pt+lMNB
Behavioral task
- behavioral1
- Sample: dgDjJOlBVw.exe
- Resource: win7-20240221-en
Malware Config
Targets
- Target: dgDjJOlBVw.exe
- Size: 4.0MB
- MD5: 3ab5c6f63131356b7cff1f3d9589d699
- SHA1: 291e1fcbbf96d767434c92c6de4e23b19772b64f
- SHA256: e7fda8d5f3877ce89e26bda689f789eaec23bc063e602df835c843a7ff8a9144
- SHA512: aef7865b350bf25a5123de903ffb84c947b7c1bfad001427fcf1bae37b6425f107e7b831208651a18529e0e58a3fe3355365101932dc600ef7691922ec9e8547
- SSDEEP: 98304:qyuYdrs3TfDoraUTHIQeNWPrTPt+lL0SB6NF:Rldw3rMFTHIJA3Pt+lMNF
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger