General
Target: 2fbe19206c1f621dedc9feeffe2ff1042d2bf4e55003b6f9b67934302b1b244b
Size: 10.7MB
Sample: 240525-vl7edabc8z
MD5: 5bb06b586e351ed629ad2df682e3cd08
SHA1: a77d8e8a481d9b80c44130740c123281cfd02725
SHA256: 2fbe19206c1f621dedc9feeffe2ff1042d2bf4e55003b6f9b67934302b1b244b
SHA512: 5586e0d5849ff584a2aa01f87897eae17eb3e0603ebc93ac03f6a792c3cbf281da1b52aa9f02d1777e908bd681097bb1d27031751292b6cfff39031f8647916f
SSDEEP: 196608:22AJiFVZOSyiMLgDV+dvUnz/DvBE9d2VkMHnpBeqECtKeo9pBWDYixo:cDh8DVdnry/2ZpBeNtCYf
Static task: static1
Behavioral task: behavioral1
  Sample: 2fbe19206c1f621dedc9feeffe2ff1042d2bf4e55003b6f9b67934302b1b244b.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 2fbe19206c1f621dedc9feeffe2ff1042d2bf4e55003b6f9b67934302b1b244b.exe
  Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 2fbe19206c1f621dedc9feeffe2ff1042d2bf4e55003b6f9b67934302b1b244b
Size: 10.7MB
MD5: 5bb06b586e351ed629ad2df682e3cd08
SHA1: a77d8e8a481d9b80c44130740c123281cfd02725
SHA256: 2fbe19206c1f621dedc9feeffe2ff1042d2bf4e55003b6f9b67934302b1b244b
SHA512: 5586e0d5849ff584a2aa01f87897eae17eb3e0603ebc93ac03f6a792c3cbf281da1b52aa9f02d1777e908bd681097bb1d27031751292b6cfff39031f8647916f
SSDEEP: 196608:22AJiFVZOSyiMLgDV+dvUnz/DvBE9d2VkMHnpBeqECtKeo9pBWDYixo:cDh8DVdnry/2ZpBeNtCYf
Score: 9/10
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger