General
-
Target
5fbc631ea30c63abaae79f792b28d9ba9e2ae864802cbf0f1a3ef8e552bf993f
-
Size
14.7MB
-
Sample
240524-ee4f5sca7z
-
MD5
91f74a6083c29751deea67224b7e3cf1
-
SHA1
0ec83f574d9b70baee097a9e551e8cb1aa390753
-
SHA256
5fbc631ea30c63abaae79f792b28d9ba9e2ae864802cbf0f1a3ef8e552bf993f
-
SHA512
6471ae889ba1ea3e0d8e88f2eef761d16676801f24cf52c124c9ac327b1b498793750cc245b93207f5fe70951db218d083473b80bb2fd5f025dd1d255b02c663
-
SSDEEP
393216:rJs0I43rH4iUAo13D7VquFeRq5solYLjfz5vnJ:9s0IMMwotDzei3Ajr5vJ
Static task
static1
Behavioral task
behavioral1
Sample
5fbc631ea30c63abaae79f792b28d9ba9e2ae864802cbf0f1a3ef8e552bf993f.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
5fbc631ea30c63abaae79f792b28d9ba9e2ae864802cbf0f1a3ef8e552bf993f.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
5fbc631ea30c63abaae79f792b28d9ba9e2ae864802cbf0f1a3ef8e552bf993f
-
Size
14.7MB
-
MD5
91f74a6083c29751deea67224b7e3cf1
-
SHA1
0ec83f574d9b70baee097a9e551e8cb1aa390753
-
SHA256
5fbc631ea30c63abaae79f792b28d9ba9e2ae864802cbf0f1a3ef8e552bf993f
-
SHA512
6471ae889ba1ea3e0d8e88f2eef761d16676801f24cf52c124c9ac327b1b498793750cc245b93207f5fe70951db218d083473b80bb2fd5f025dd1d255b02c663
-
SSDEEP
393216:rJs0I43rH4iUAo13D7VquFeRq5solYLjfz5vnJ:9s0IMMwotDzei3Ajr5vJ
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-