General
-
Target
OverWolf Crypter 1.1.exe
-
Size
35.3MB
-
Sample
240501-yvwwsafd2t
-
MD5
dea64aebd0b2051617afb8125de0d53e
-
SHA1
b0e4a4b64505d739e8b6cf0cb19daf7f19934e00
-
SHA256
50062d171fd4f80379d3a1bdadc1c4c6c4ac6a2640e708d8471f3dc9614e5ed4
-
SHA512
4d8f781c98dcfbfb9a262127a8fba6042901a49e2dfbeab57212b2ae72930718840dfdbf20058b206c149039c19a8f7be4b13a5c9d8185e572664f2c93160a4e
-
SSDEEP
786432:MfeJhmSTrKdgwppe+aJEe77zZY+HRzO/DPeZry7zd0:jpR+a6CJYGRzO/beVym
Behavioral task
behavioral1
Sample
OverWolf Crypter 1.1.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
OverWolf Crypter 1.1.exe
-
Size
35.3MB
-
MD5
dea64aebd0b2051617afb8125de0d53e
-
SHA1
b0e4a4b64505d739e8b6cf0cb19daf7f19934e00
-
SHA256
50062d171fd4f80379d3a1bdadc1c4c6c4ac6a2640e708d8471f3dc9614e5ed4
-
SHA512
4d8f781c98dcfbfb9a262127a8fba6042901a49e2dfbeab57212b2ae72930718840dfdbf20058b206c149039c19a8f7be4b13a5c9d8185e572664f2c93160a4e
-
SSDEEP
786432:MfeJhmSTrKdgwppe+aJEe77zZY+HRzO/DPeZry7zd0:jpR+a6CJYGRzO/beVym
-
Detect ZGRat V1
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-