General
-
Target
b472f030c9bf4acc1825f4579345d91d081d57f28c896b4b3b6dfa8531812a87
-
Size
1.4MB
-
Sample
240526-cepa4sbe59
-
MD5
2dadc15d27c5e042fc2c6259905ef541
-
SHA1
22b8b03795322082655ad94bc2723448dda1105d
-
SHA256
b472f030c9bf4acc1825f4579345d91d081d57f28c896b4b3b6dfa8531812a87
-
SHA512
e157ebadabb36852214d85749fa732cabcc8c7fdc2c32569fbbceb249cce79177d64e0c3214919df42460df5652e90b5fac1bcbc3241dc48c1ac291e6e31212b
-
SSDEEP
24576:43VrNRRXiOMCH1bVALweNfipAom/TiMIyEz3hC+EGTDTn0OZMD43OlTBrcy3q0qy:grdyOjb6weRi6b9zxA37mRcOFq
Static task
static1
Behavioral task
behavioral1
Sample
b472f030c9bf4acc1825f4579345d91d081d57f28c896b4b3b6dfa8531812a87.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
b472f030c9bf4acc1825f4579345d91d081d57f28c896b4b3b6dfa8531812a87.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
b472f030c9bf4acc1825f4579345d91d081d57f28c896b4b3b6dfa8531812a87
-
Size
1.4MB
-
MD5
2dadc15d27c5e042fc2c6259905ef541
-
SHA1
22b8b03795322082655ad94bc2723448dda1105d
-
SHA256
b472f030c9bf4acc1825f4579345d91d081d57f28c896b4b3b6dfa8531812a87
-
SHA512
e157ebadabb36852214d85749fa732cabcc8c7fdc2c32569fbbceb249cce79177d64e0c3214919df42460df5652e90b5fac1bcbc3241dc48c1ac291e6e31212b
-
SSDEEP
24576:43VrNRRXiOMCH1bVALweNfipAom/TiMIyEz3hC+EGTDTn0OZMD43OlTBrcy3q0qy:grdyOjb6weRi6b9zxA37mRcOFq
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-