General
-
Target
hairtist.exe
-
Size
4.8MB
-
Sample
240428-l9qbbsdf2z
-
MD5
8bdb368fe2ccdd70d3f0f4fe1b69b080
-
SHA1
ea6f62f0aa53c921d579e1c50fcf2f68e2b2dbf1
-
SHA256
91b861cdf4a5f60b3d40b48e9357fc8e586f203022d22345764be5035e2fe724
-
SHA512
0ba49b2cc9f5615eadb18fdbcb319bc4191b9e56817814dd8ec279d7c7eb592e7f42e6054f4eed6a09763bbd74df802188fa2a84d9a1542b1df233de5c511cd6
-
SSDEEP
98304:3y3Raqqrq5TliunkEY4W4GuY2j3TrVkomgsCuf9R624jTqekgjyVKRj1h:ovllFkE5VlTPKpgsCuf16qe3xb
Static task
static1
Behavioral task
behavioral1
Sample
hairtist.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
hairtist.exe
-
Size
4.8MB
-
MD5
8bdb368fe2ccdd70d3f0f4fe1b69b080
-
SHA1
ea6f62f0aa53c921d579e1c50fcf2f68e2b2dbf1
-
SHA256
91b861cdf4a5f60b3d40b48e9357fc8e586f203022d22345764be5035e2fe724
-
SHA512
0ba49b2cc9f5615eadb18fdbcb319bc4191b9e56817814dd8ec279d7c7eb592e7f42e6054f4eed6a09763bbd74df802188fa2a84d9a1542b1df233de5c511cd6
-
SSDEEP
98304:3y3Raqqrq5TliunkEY4W4GuY2j3TrVkomgsCuf9R624jTqekgjyVKRj1h:ovllFkE5VlTPKpgsCuf16qe3xb
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-