General
- Target: 8f301697992932857a7cfb2413d550875abfa9fd.png
- Size: 9KB
- Sample: 240525-fxjecsfe82
- MD5: 4ed38cdcba9b8464a3f8ab8de93ad26b
- SHA1: 9d54d888071d9052759c0e920e70bf78f75d37b1
- SHA256: 4c2f21b40e409accd331738fd7fa9d07bb9daffc5a71a70d1e6b59fc7569e578
- SHA512: f2c2387f9c4fd45363e931ab1babb2d5159aec4e04723a58de743e132de8c13297c79df115fe0b25f94e25d14b39aa85c865a8a82e2e7c56557782a20062d8ac
- SSDEEP: 192:709+rt9P3KATOXP/26Y9BQw/jdLkWkw2PoOco8szf/ZIn:7drtlFTOMQw/j5523coHq
Static task
- static1
Behavioral task
- behavioral1
  Sample: 8f301697992932857a7cfb2413d550875abfa9fd.png
  Resource: win10v2004-20240508-en
Behavioral task
- behavioral2
  Sample: 8f301697992932857a7cfb2413d550875abfa9fd.png
  Resource: ubuntu2204-amd64-20240522.1-en
Malware Config
Targets
- Target: 8f301697992932857a7cfb2413d550875abfa9fd.png
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger