General
-
Target
c7a022b144b1c622e1d5f3cbf02ea429d24d81278bc2f27fef040ee9ada31a4a
-
Size
2.6MB
-
Sample
240525-vt7p4sbf5x
-
MD5
d7ee1da507ba74b68f8d257fd329e679
-
SHA1
bebff232be5d5861a73b03aeaf3efd1caeee9fe5
-
SHA256
c7a022b144b1c622e1d5f3cbf02ea429d24d81278bc2f27fef040ee9ada31a4a
-
SHA512
3aa61ee5c4b52f0ba3ef8abf2ce6ad9a083930eee8a52bf84d387b95a52a5f4ae7f5412ced9e0fcfb82d4aec12f1674f8fb923f4c1f10cd43514cc2f25119814
-
SSDEEP
49152:oE4/S9wsz/EPvTwai2pAtwLsR1MFpHpFhKfbMQtn0btuOECZEvW2AxVYDlzw6d3Q:oE4oicaYt6sR1MhF8Mun0JlLcW2AvKR4
Static task
static1
Behavioral task
behavioral1
Sample
c7a022b144b1c622e1d5f3cbf02ea429d24d81278bc2f27fef040ee9ada31a4a.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c7a022b144b1c622e1d5f3cbf02ea429d24d81278bc2f27fef040ee9ada31a4a.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
c7a022b144b1c622e1d5f3cbf02ea429d24d81278bc2f27fef040ee9ada31a4a
-
Size
2.6MB
-
MD5
d7ee1da507ba74b68f8d257fd329e679
-
SHA1
bebff232be5d5861a73b03aeaf3efd1caeee9fe5
-
SHA256
c7a022b144b1c622e1d5f3cbf02ea429d24d81278bc2f27fef040ee9ada31a4a
-
SHA512
3aa61ee5c4b52f0ba3ef8abf2ce6ad9a083930eee8a52bf84d387b95a52a5f4ae7f5412ced9e0fcfb82d4aec12f1674f8fb923f4c1f10cd43514cc2f25119814
-
SSDEEP
49152:oE4/S9wsz/EPvTwai2pAtwLsR1MFpHpFhKfbMQtn0btuOECZEvW2AxVYDlzw6d3Q:oE4oicaYt6sR1MhF8Mun0JlLcW2AvKR4
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-