General
- Target: ef09f772-350c-4678-96ce-70827b3a27e7e.exe
- Size: 3.0MB
- Sample: 240523-pptd2ahh33
- MD5: 471644e45f2711066d5e0d46753b6ebd
- SHA1: cfbf5b438c9fe34e57a750f5a9d448a47893f340
- SHA256: 53fd6e8fd802e2f7c0f287055bc5cec034bba490de4f8a9b5dc124701cf7eb28
- SHA512: 40fb8570aaf4e83536ffd9ccc1e979208fbaeb77a06ee8f2ec09604088c1ca72192d6da86995a3db08a0613ad79ea794bd514c2c20aa26b6b673e36a89ee907e
- SSDEEP: 49152:mHzYtGYQQprYh3B3VG8dMVp+77/RfxS8TP9Tfzlu0I9K02fZMOVjCJWLpBp8lVfm:AmG8pkv3VDMuP/RfxS8VTbluXK02RMmH
Malware Config
Targets
- Target: ef09f772-350c-4678-96ce-70827b3a27e7e.exe
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Suspicious use of NtSetInformationThreadHideFromDebugger