General
Target: fb24cf43a3384fa6212035d9d72d6966c51ea5cb46155ef19b264e0e16678bc3
Size: 4.5MB
Sample: 240524-cqfhcahh26
MD5: 2e1091b3bfda430d52c06cae92f79b28
SHA1: 485d6060bc34ea99c24ddf86cd06b72f102e26e5
SHA256: fb24cf43a3384fa6212035d9d72d6966c51ea5cb46155ef19b264e0e16678bc3
SHA512: ae3bd586697fcef1c40b5f0756d0af705395f4061ec4cd3de168069af2d33d667280128ffc64a7ab0adfef6688bd58cde8799845f84be12acb237c75ab0ba040
SSDEEP: 98304:SBpRHYKlurMS8cL7gw5b8nsEPSQzEYQMrP8+RmwlTlAQvNK6ThfOHo:SB3f04SLL7g/sgjQMrP8Ym2RAQvPTVt
Behavioral task: behavioral1
Sample: fb24cf43a3384fa6212035d9d72d6966c51ea5cb46155ef19b264e0e16678bc3.exe
Resource: win7-20240221-en
Malware Config
Targets
- Detects DLL dropped by Raspberry Robin.
  Raspberry Robin.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext