General

Target: 56d0ec47b14d2222747153f157d113af3966e39b7cc575f0b759594d7756ae0c
Size: 4.4MB
Sample: 240525-ydpfdafg4z
MD5: 5de35bf2a5c775600ee0dda327208977
SHA1: 437d33a9b8acfa8c579395e280233f837ac37c32
SHA256: 56d0ec47b14d2222747153f157d113af3966e39b7cc575f0b759594d7756ae0c
SHA512: c7b088cd3972a07de92db055b55474a623ed0ab3e7282024da5d82481c201f5c0eaad258d83ac7ae01d90e175cee37aeb64989117e83ee7c7a59ca525723bb9e
SSDEEP: 98304:fE/JUhJQj4nKE/oe6im51pRUzXnzc7YArZ4JBAUZLvfi3:M2oOJoVZU7zyYxJV7fi3
Behavioral task: behavioral1
Sample: 56d0ec47b14d2222747153f157d113af3966e39b7cc575f0b759594d7756ae0c.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 56d0ec47b14d2222747153f157d113af3966e39b7cc575f0b759594d7756ae0c.exe
Resource: win10v2004-20240508-en
Malware Config

Targets

Target: 56d0ec47b14d2222747153f157d113af3966e39b7cc575f0b759594d7756ae0c
Size: 4.4MB
Score: 9/10

Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM). VirtualBox exposes its ACPI tables under HKLM\HARDWARE\ACPI with the OEM identifier VBOX__, so reading those keys is a cheap hypervisor check.
- Checks BIOS information in registry. BIOS vendor and version strings (HKLM\HARDWARE\DESCRIPTION\System) are often read in order to detect sandboxing or virtualised environments.
- Executes dropped EXE
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; its presence is revealed by the Software\Wine key.
- Loads dropped DLL
- Adds Run key to start application (persistence through a Software\Microsoft\Windows\CurrentVersion\Run value)
- Suspicious use of NtSetInformationThreadHideFromDebugger. ThreadInformationClass 0x11 (ThreadHideFromDebugger) stops the calling thread from delivering debug events to an attached debugger; it has no legitimate use in ordinary application code and is a standard anti-debugging step.

Because the sample probes for VirtualBox, Wine and BIOS strings and hides threads from debuggers, the behaviour recorded in the two tasks above may be incomplete: the payload stage may not have run in either environment, so treat the absence of network or file indicators in this report as unconfirmed rather than negative.
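The signatures above are the sandbox's own labels; the report does not show the rules behind them. As an added example (not the sandbox's code, and not derived from the sample), the script below runs a set of approximate rules over a constructed behaviour trace and reproduces the same seven signatures. The registry paths, the ThreadHideFromDebugger class value 0x11, and the "dropped file then executed/loaded" logic are well-known facts; the trace records, process and file names are invented for the demonstration, and the event kinds and record layout are assumptions of this example rather than any sandbox's real export format.

```python
"""Re-derive the sandbox signatures in this report from a behaviour trace.

Added example.  The rules approximate the public descriptions of the
signatures and are NOT the sandbox's own rule set.  The trace below is
constructed, not real telemetry from the sample.
"""
import re

# Constructed sample trace: (process, event kind, target), in time order.
SAMPLE_TRACE = [
    ("sample.exe", "reg_read",   r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    ("sample.exe", "reg_read",   r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"),
    ("sample.exe", "reg_read",   r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    ("sample.exe", "reg_read",   r"HKCU\Software\Wine"),
    # Benign read many installers perform; must not trigger anything.
    ("sample.exe", "reg_read",   r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProductName"),
    ("sample.exe", "api",        "NtSetInformationThread(ThreadInformationClass=0x11 ThreadHideFromDebugger)"),
    ("sample.exe", "file_write", r"C:\Users\Admin\AppData\Local\Temp\helper.dll"),
    ("sample.exe", "file_write", r"C:\Users\Admin\AppData\Roaming\svc\update.exe"),
    ("sample.exe", "image_load", r"C:\Users\Admin\AppData\Local\Temp\helper.dll"),
    ("sample.exe", "reg_write",  r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    ("sample.exe", "exec",       r"C:\Users\Admin\AppData\Roaming\svc\update.exe"),
    # A system DLL loaded by the child: not dropped, so not a hit.
    ("update.exe", "image_load", r"C:\Windows\System32\kernel32.dll"),
]

# Signature names as they appear in the report.
REPORTED_SIGNATURES = [
    "Identifies VirtualBox via ACPI registry values (likely anti-VM)",
    "Checks BIOS information in registry",
    "Executes dropped EXE",
    "Identifies Wine through registry keys",
    "Loads dropped DLL",
    "Adds Run key to start application",
    "Suspicious use of NtSetInformationThreadHideFromDebugger",
]

# Stateless rules: (signature, event kind, regex on the target).
# VirtualBox writes its ACPI tables with the OEM id VBOX__; BIOS strings live
# under HARDWARE\DESCRIPTION\System; Wine creates Software\Wine; persistence
# via the per-user or machine Run key; NtSetInformationThread class 0x11.
STATELESS_RULES = [
    (REPORTED_SIGNATURES[0], "reg_read",
     re.compile(r"\\HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT)\\VBOX__", re.I)),
    (REPORTED_SIGNATURES[1], "reg_read",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(?:BIOS\\|SystemBiosVersion|VideoBiosVersion)", re.I)),
    (REPORTED_SIGNATURES[3], "reg_read",
     re.compile(r"^HK(?:CU|LM)\\Software\\Wine(?:\\|$)", re.I)),
    (REPORTED_SIGNATURES[5], "reg_write",
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)),
    (REPORTED_SIGNATURES[6], "api",
     re.compile(r"^NtSetInformationThread\(.*(?:ThreadHideFromDebugger|=0x11\b)", re.I)),
]


def dropped_file_signatures(trace):
    """Stateful rules: a file written during the run, then executed or loaded."""
    dropped, hits = set(), {}
    for _proc, kind, target in trace:
        key = target.lower()
        if kind == "file_write":
            dropped.add(key)
        elif kind == "exec" and key in dropped and key.endswith(".exe"):
            hits.setdefault(REPORTED_SIGNATURES[2], []).append(target)
        elif kind == "image_load" and key in dropped and key.endswith(".dll"):
            hits.setdefault(REPORTED_SIGNATURES[4], []).append(target)
    return hits


def match_signatures(trace):
    """Return {signature: [matching targets]} for the whole trace."""
    hits = {}
    for _proc, kind, target in trace:
        for name, rule_kind, pattern in STATELESS_RULES:
            if kind == rule_kind and pattern.search(target):
                hits.setdefault(name, []).append(target)
    for name, targets in dropped_file_signatures(trace).items():
        hits.setdefault(name, []).extend(targets)
    return hits


def missing_signatures(trace):
    """Reported signatures that the trace does not explain (reconciliation aid)."""
    return sorted(set(REPORTED_SIGNATURES) - set(match_signatures(trace)))


if __name__ == "__main__":
    for name, targets in match_signatures(SAMPLE_TRACE).items():
        print(f"{name}:")
        for t in targets:
            print(f"    {t}")
    print("unexplained:", missing_signatures(SAMPLE_TRACE))
```

When reconciling a report against your own sandbox or EDR export, `missing_signatures` is the useful output: a signature the report lists but your trace never triggers usually means the sample took a different branch in your environment, which for an anti-VM sample is exactly the behaviour to expect.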