General
-
Target
315230e53e5fd34341771d46f82c37028f1d784887ae070a2a0b424388753d4e
-
Size
4.0MB
-
Sample
240526-g6yfbahg7z
-
MD5
695c749185d6f024569b86b5f7cb8eef
-
SHA1
a569e85d9c0b9d589d429053bc279532a69bab4d
-
SHA256
315230e53e5fd34341771d46f82c37028f1d784887ae070a2a0b424388753d4e
-
SHA512
43402abf4658faf7adaf3e73a0f45abe66154cb3cad81a88f4362d39b8914129e1c7914716f969a7672416ce491c47d2fadb7b10e82a7b33d6f57bacffddf7a9
-
SSDEEP
49152:B24oY11v4h6XbJjzEk4rZEQDyBRBBwhAsKYzEqqNcWj4IkvLZxYkxO1AWrWuERV2:5o4d4kFAZE9UhDzEqkcWeLZ+1dwV6cw
Static task
static1
Behavioral task
behavioral1
Sample
315230e53e5fd34341771d46f82c37028f1d784887ae070a2a0b424388753d4e.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
315230e53e5fd34341771d46f82c37028f1d784887ae070a2a0b424388753d4e.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
315230e53e5fd34341771d46f82c37028f1d784887ae070a2a0b424388753d4e
-
Size
4.0MB
-
MD5
695c749185d6f024569b86b5f7cb8eef
-
SHA1
a569e85d9c0b9d589d429053bc279532a69bab4d
-
SHA256
315230e53e5fd34341771d46f82c37028f1d784887ae070a2a0b424388753d4e
-
SHA512
43402abf4658faf7adaf3e73a0f45abe66154cb3cad81a88f4362d39b8914129e1c7914716f969a7672416ce491c47d2fadb7b10e82a7b33d6f57bacffddf7a9
-
SSDEEP
49152:B24oY11v4h6XbJjzEk4rZEQDyBRBBwhAsKYzEqqNcWj4IkvLZxYkxO1AWrWuERV2:5o4d4kFAZE9UhDzEqkcWeLZ+1dwV6cw
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-