General
-
Target
416e5a6b700095ace52068a73da95e3770c66ef55103ed410d9d55109acc7727
-
Size
10.7MB
-
Sample
240526-e7xjasfh53
-
MD5
f7e4d09e48a812f65c796d8e91d58836
-
SHA1
bd4f52879a09024e5b0d6cd2caf945b6e7616b43
-
SHA256
416e5a6b700095ace52068a73da95e3770c66ef55103ed410d9d55109acc7727
-
SHA512
190905b4111a0e021649aee6d443b5f3dc929d48e9e4c51dd330289113cc988d05487f3a01819e29f50b416379dfbdfa74e490532bf635a3c4303c5fa8b11f13
-
SSDEEP
196608:Q1C6UD6Ux3YHHT5un1a00y/S44zIe+W7E5FqnIyahvFj3iIqv:QeDpkH1RybK+Wo3qtahvFj+v
Static task
static1
Behavioral task
behavioral1
Sample
416e5a6b700095ace52068a73da95e3770c66ef55103ed410d9d55109acc7727.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
416e5a6b700095ace52068a73da95e3770c66ef55103ed410d9d55109acc7727.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
416e5a6b700095ace52068a73da95e3770c66ef55103ed410d9d55109acc7727
-
Size
10.7MB
-
MD5
f7e4d09e48a812f65c796d8e91d58836
-
SHA1
bd4f52879a09024e5b0d6cd2caf945b6e7616b43
-
SHA256
416e5a6b700095ace52068a73da95e3770c66ef55103ed410d9d55109acc7727
-
SHA512
190905b4111a0e021649aee6d443b5f3dc929d48e9e4c51dd330289113cc988d05487f3a01819e29f50b416379dfbdfa74e490532bf635a3c4303c5fa8b11f13
-
SSDEEP
196608:Q1C6UD6Ux3YHHT5un1a00y/S44zIe+W7E5FqnIyahvFj3iIqv:QeDpkH1RybK+Wo3qtahvFj+v
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-