General
- Target: 1c87c8b0a38ea8a30b3a191582c727e92cbd34618e67328d63bff3e68172f698
- Size: 6.3MB
- Sample: 240525-xyf43afa4v
- MD5: 095277b5562bdf73b39b2bac6229c2bf
- SHA1: e6c7e95a5d2916b288f51e120dc57bbfc81ba468
- SHA256: 1c87c8b0a38ea8a30b3a191582c727e92cbd34618e67328d63bff3e68172f698
- SHA512: 762279a7310164833eacd2101a6a879c13a9926c56987059531458e5d621f508687a477a4ebec316deea3b048a9a0c9f24c27b098f2381c620e1fdfa73d2909e
- SSDEEP: 98304:VIq4inOVzLlGPghuUq1OLXTYGmAl8u7au6DZ9QBFqXPaC/diq0HrUpFL6z8tV:VX4iOVnyghMiVmi8u7au6D0KPaC/sqjl
Static task: static1
Behavioral task: behavioral1
- Sample: 1c87c8b0a38ea8a30b3a191582c727e92cbd34618e67328d63bff3e68172f698.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 1c87c8b0a38ea8a30b3a191582c727e92cbd34618e67328d63bff3e68172f698.exe
- Resource: win10v2004-20240508-en
Malware Config
Targets
- Target: 1c87c8b0a38ea8a30b3a191582c727e92cbd34618e67328d63bff3e68172f698
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger