General
Target: f0d879e854e8ac396932489d451a3032d039153abf66ad0db864e7ad7a0c9594
Size: 8.2MB
Sample: 240524-elgwqacd72
MD5: a69d6d196023fe771b595133bb87210d
SHA1: 3d9769bf7cb4758fb30654bcef090840363dffc0
SHA256: f0d879e854e8ac396932489d451a3032d039153abf66ad0db864e7ad7a0c9594
SHA512: 346b322723e11bcf7f6a4dce9812496a045a2c8e941dc64f494e387c0d50aaa3850448138f3ee60e05a4a4444a946049e082d6b3700f696880606ce76bc580e5
SSDEEP: 196608:fde6BYKQLRWZgVd5tefuyjOn96AF/ESFHatyiJXtrJOVqYhqwiGq:13uzQZiJkjO96hSFHjwXtrJuqYh1iz
Static task: static1
Behavioral task: behavioral1
- Sample: f0d879e854e8ac396932489d451a3032d039153abf66ad0db864e7ad7a0c9594.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: f0d879e854e8ac396932489d451a3032d039153abf66ad0db864e7ad7a0c9594.exe
- Resource: win10v2004-20240508-en
Malware Config
Targets
Target: f0d879e854e8ac396932489d451a3032d039153abf66ad0db864e7ad7a0c9594
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- AutoIT Executable: AutoIT scripts compiled to PE executables.