General
-
Target
cd3fd72c86defc317c58ae5fb7bc7fcb6ee7e2c37d3bb0aa214fa3552602b557
-
Size
14.6MB
-
Sample
240525-xetwtaee63
-
MD5
51f8844e1ffe0784c96c775213e12da7
-
SHA1
d96bef1c07db5088160a5e4e362cfe7f22a61ab5
-
SHA256
cd3fd72c86defc317c58ae5fb7bc7fcb6ee7e2c37d3bb0aa214fa3552602b557
-
SHA512
b4a76b3b19db4865abc3db6c534d73c9f2ed69dd37cbc50069cdc2a484df713c5f78e98db03770a9ce43fa8024ef7ca26c64ea599c278be091e39ebd7b433c01
-
SSDEEP
393216:RWMypjm/mSh6gcMGo13D7VquFeRq5solYLML5vnF:IM0ykgcfotDzei3AML5vF
Static task
static1
Behavioral task
behavioral1
Sample
cd3fd72c86defc317c58ae5fb7bc7fcb6ee7e2c37d3bb0aa214fa3552602b557.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
cd3fd72c86defc317c58ae5fb7bc7fcb6ee7e2c37d3bb0aa214fa3552602b557.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
cd3fd72c86defc317c58ae5fb7bc7fcb6ee7e2c37d3bb0aa214fa3552602b557
-
Size
14.6MB
-
MD5
51f8844e1ffe0784c96c775213e12da7
-
SHA1
d96bef1c07db5088160a5e4e362cfe7f22a61ab5
-
SHA256
cd3fd72c86defc317c58ae5fb7bc7fcb6ee7e2c37d3bb0aa214fa3552602b557
-
SHA512
b4a76b3b19db4865abc3db6c534d73c9f2ed69dd37cbc50069cdc2a484df713c5f78e98db03770a9ce43fa8024ef7ca26c64ea599c278be091e39ebd7b433c01
-
SSDEEP
393216:RWMypjm/mSh6gcMGo13D7VquFeRq5solYLML5vnF:IM0ykgcfotDzei3AML5vF
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-