General
-
Target
2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5
-
Size
3.9MB
-
Sample
240526-k6ws9seb27
-
MD5
05610aaec5183a6b37fb1b0177ef3110
-
SHA1
42ff8165d48ebd81e449c90bfeaf808366ca9745
-
SHA256
2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5
-
SHA512
59269b02ca6eaba7ad9895a94ceb7278f51b7a90f9aba5209b67865a477c4cc09d4724dbb2054209a8078c630de64f79039994011cf6c84009a586af19cff146
-
SSDEEP
98304:8iJM4l7QGx7D9q6j/IrxIdowPAnY41w/9v65VinbzJNB7I:8x4icCxNY41w/9v6biLd
Static task
static1
Behavioral task
behavioral1
Sample
2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5.exe
Resource
win7-20240221-en
Malware Config
Targets
-
-
Target
2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5
-
Size
3.9MB
-
MD5
05610aaec5183a6b37fb1b0177ef3110
-
SHA1
42ff8165d48ebd81e449c90bfeaf808366ca9745
-
SHA256
2a6e8c82e7a5129140b7f3b58dfe26e8e6035017397191286a417fdbd1e0aeb5
-
SHA512
59269b02ca6eaba7ad9895a94ceb7278f51b7a90f9aba5209b67865a477c4cc09d4724dbb2054209a8078c630de64f79039994011cf6c84009a586af19cff146
-
SSDEEP
98304:8iJM4l7QGx7D9q6j/IrxIdowPAnY41w/9v65VinbzJNB7I:8x4icCxNY41w/9v6biLd
-
Detect Blackmoon payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-