General
Target: 9249f0602d102b28efd16582d3e1d0aa33c4c3598ea0d60612a549595742ec7e
Size: 13.0MB
Sample: 240521-rqbxgsgh86
MD5: 9f4dcb41af5096272ebcd84649a84d8f
SHA1: dc84d62d3c91b99eea8e8ee438f2daa12f68de15
SHA256: 9249f0602d102b28efd16582d3e1d0aa33c4c3598ea0d60612a549595742ec7e
SHA512: 4c0f2d712b48d3c44a34c6f11b2402f66767483b9f33125d9ee27ecfbbae6ce77c740170f7a6eaa9423d80f1187fcee0475bd682816256ba644fab014e5f3579
SSDEEP: 196608:GNH5Zq984XyV3G0aXGkFHQajfz8+Ll/nW0ma8zrtvqTn0bBfuew1fuSzb1lj:GNZ+84F0eFwaH8O/WRa8fU70llpG1l
Static task: static1
Behavioral task: behavioral1
Sample: 9249f0602d102b28efd16582d3e1d0aa33c4c3598ea0d60612a549595742ec7e.exe
Resource: win7-20240220-en
Malware Config

Targets
Target: 9249f0602d102b28efd16582d3e1d0aa33c4c3598ea0d60612a549595742ec7e
Size: 13.0MB
MD5: 9f4dcb41af5096272ebcd84649a84d8f
SHA1: dc84d62d3c91b99eea8e8ee438f2daa12f68de15
SHA256: 9249f0602d102b28efd16582d3e1d0aa33c4c3598ea0d60612a549595742ec7e
SHA512: 4c0f2d712b48d3c44a34c6f11b2402f66767483b9f33125d9ee27ecfbbae6ce77c740170f7a6eaa9423d80f1187fcee0475bd682816256ba644fab014e5f3579
SSDEEP: 196608:GNH5Zq984XyV3G0aXGkFHQajfz8+Ll/nW0ma8zrtvqTn0bBfuew1fuSzb1lj:GNZ+84F0eFwaH8O/WRa8fU70llpG1l
- Detect Blackmoon payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger