General
-
Target
365e87bcd811ad6e91b2bc02d344704411b576e3a7eb2406ae15d26f02a2efcf
-
Size
10.8MB
-
Sample
240526-gfkfrshg42
-
MD5
ed8c3746afab2fdebfeec407f0e90c64
-
SHA1
3bd8fb8fbd43a1dbddec28d19d315e93f2f4d7ef
-
SHA256
365e87bcd811ad6e91b2bc02d344704411b576e3a7eb2406ae15d26f02a2efcf
-
SHA512
7cd5ea6374b0d78f59a8f2ed3c3c85732a8402e11b7d02031cc08dd69fa2ca5005313635c6c03403a182db19d671e47ded8d31dd7de28afe28303ddb9ac630e1
-
SSDEEP
196608:vj1xkwPiTd6Dt4xihHkYP7ohyMvvSloVReEg19lZL+DS3at18vIKm:vcwP3t4xihEYPshNvKnEw6C/In
Static task
static1
Behavioral task
behavioral1
Sample
365e87bcd811ad6e91b2bc02d344704411b576e3a7eb2406ae15d26f02a2efcf.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
365e87bcd811ad6e91b2bc02d344704411b576e3a7eb2406ae15d26f02a2efcf.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
365e87bcd811ad6e91b2bc02d344704411b576e3a7eb2406ae15d26f02a2efcf
-
Size
10.8MB
-
MD5
ed8c3746afab2fdebfeec407f0e90c64
-
SHA1
3bd8fb8fbd43a1dbddec28d19d315e93f2f4d7ef
-
SHA256
365e87bcd811ad6e91b2bc02d344704411b576e3a7eb2406ae15d26f02a2efcf
-
SHA512
7cd5ea6374b0d78f59a8f2ed3c3c85732a8402e11b7d02031cc08dd69fa2ca5005313635c6c03403a182db19d671e47ded8d31dd7de28afe28303ddb9ac630e1
-
SSDEEP
196608:vj1xkwPiTd6Dt4xihHkYP7ohyMvvSloVReEg19lZL+DS3at18vIKm:vcwP3t4xihEYPshNvKnEw6C/In
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-