General
-
Target
cce4faaf6c336afc83f65e69e41ccf3388b820d99493e53f935b1074b6d9720c
-
Size
10.8MB
-
Sample
240526-h822ysbc2s
-
MD5
18a27aebff3f23c496895cc4ffb96461
-
SHA1
08d7ab24387e03de0938c4a83a165fb3da74d2fe
-
SHA256
cce4faaf6c336afc83f65e69e41ccf3388b820d99493e53f935b1074b6d9720c
-
SHA512
72ec02de05d5f7277fa368f444b6e9b66e8820ad66bc383cef62e77ef69101c804061519c0ecd0adf79c713c847473c9c408699effd1e2a7c77b5bae58837218
-
SSDEEP
196608:M2ybK/0Oei+Cpi8f4VvaxuxFZoURn58dZh89aqQAoAvzgRR3atkg:M2ybK/XPxpiNzxEU7EZW9hQpAv2xatD
Static task
static1
Behavioral task
behavioral1
Sample
cce4faaf6c336afc83f65e69e41ccf3388b820d99493e53f935b1074b6d9720c.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
cce4faaf6c336afc83f65e69e41ccf3388b820d99493e53f935b1074b6d9720c.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
cce4faaf6c336afc83f65e69e41ccf3388b820d99493e53f935b1074b6d9720c
-
Size
10.8MB
-
MD5
18a27aebff3f23c496895cc4ffb96461
-
SHA1
08d7ab24387e03de0938c4a83a165fb3da74d2fe
-
SHA256
cce4faaf6c336afc83f65e69e41ccf3388b820d99493e53f935b1074b6d9720c
-
SHA512
72ec02de05d5f7277fa368f444b6e9b66e8820ad66bc383cef62e77ef69101c804061519c0ecd0adf79c713c847473c9c408699effd1e2a7c77b5bae58837218
-
SSDEEP
196608:M2ybK/0Oei+Cpi8f4VvaxuxFZoURn58dZh89aqQAoAvzgRR3atkg:M2ybK/XPxpiNzxEU7EZW9hQpAv2xatD
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-