General
-
Target
ffa9f281b96ec7bb4031411bc19adf7bcfb967459c17bd232ac90d8a4de51552
-
Size
2.3MB
-
Sample
240428-glc9mshe35
-
MD5
4f8b6dd4985f4de8013e979f1eaef4ac
-
SHA1
41b0b12968d8472aafcab617bfdb3e7c93447ec9
-
SHA256
ffa9f281b96ec7bb4031411bc19adf7bcfb967459c17bd232ac90d8a4de51552
-
SHA512
9d8d4da3984b8ca0f3b868d793ced979b84b45cb3efd769a96716c2134107466e2708db4bf7cac90dc905f18bd9dc27960fbbfc49a48c607bc75b1675e635375
-
SSDEEP
49152:Ug69SebPPiKgYyzuyneb3OVOhKtYN209AEToSQH7+jR1:Ug69SebiZuyUeK2aAs0+jD
Static task
static1
Behavioral task
behavioral1
Sample
ffa9f281b96ec7bb4031411bc19adf7bcfb967459c17bd232ac90d8a4de51552.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
ffa9f281b96ec7bb4031411bc19adf7bcfb967459c17bd232ac90d8a4de51552
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-