General
-
Target
55aa3050d6dd84749bb98a79727a56e9058ff2936ae701340a713ea5ce32abb9
-
Size
6.4MB
-
Sample
240524-cs88fahh41
-
MD5
d3e9210aa4a1370372f634408cd50408
-
SHA1
175e769ea48c7b811c67125870c1c9a6dd21bfa6
-
SHA256
55aa3050d6dd84749bb98a79727a56e9058ff2936ae701340a713ea5ce32abb9
-
SHA512
d50826c26b21fc03cfb6ddf5cdde6ce45eac386772ba722affc4fb05610dbd1f9b48ca961dad3fb01236b1e49997804a85daa622917b4ea9319845866039187e
-
SSDEEP
196608:kD+tbedA3rslP2qepV65d8qCjkrWH8gsXt/2Oa:kDs3AlXNR1fd2Oa
Static task
static1
Behavioral task
behavioral1
Sample
55aa3050d6dd84749bb98a79727a56e9058ff2936ae701340a713ea5ce32abb9.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
55aa3050d6dd84749bb98a79727a56e9058ff2936ae701340a713ea5ce32abb9.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
55aa3050d6dd84749bb98a79727a56e9058ff2936ae701340a713ea5ce32abb9
-
Size
6.4MB
-
MD5
d3e9210aa4a1370372f634408cd50408
-
SHA1
175e769ea48c7b811c67125870c1c9a6dd21bfa6
-
SHA256
55aa3050d6dd84749bb98a79727a56e9058ff2936ae701340a713ea5ce32abb9
-
SHA512
d50826c26b21fc03cfb6ddf5cdde6ce45eac386772ba722affc4fb05610dbd1f9b48ca961dad3fb01236b1e49997804a85daa622917b4ea9319845866039187e
-
SSDEEP
196608:kD+tbedA3rslP2qepV65d8qCjkrWH8gsXt/2Oa:kDs3AlXNR1fd2Oa
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-