General
-
Target
1b55be7a86a29b28efdc8319e54e2f6895e4b41ad245a54ed9aba01efbd9e221
-
Size
10.8MB
-
Sample
240526-rl5zrshh87
-
MD5
5d0fdf7f63aa0f671f56f3625741129e
-
SHA1
65dfd8d91642e0b9419002d10d8fb192668bb0ae
-
SHA256
1b55be7a86a29b28efdc8319e54e2f6895e4b41ad245a54ed9aba01efbd9e221
-
SHA512
622067747ac492117a48d5b7e345f0277e40da4c966ba1e03791fddd31a90e8be7ba4aec4cce17ba61cace6d4b38bd2d1bcb2b334abe4216e86368fe3a0828a6
-
SSDEEP
196608:aGIL+ta9fpe37tmkdNl9/6zNC4wPdrj6acBF1mo0Lk0hWayZ:aGFw9BWm8NmzNFwPdP6Hxq1s
Static task
static1
Behavioral task
behavioral1
Sample
1b55be7a86a29b28efdc8319e54e2f6895e4b41ad245a54ed9aba01efbd9e221.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1b55be7a86a29b28efdc8319e54e2f6895e4b41ad245a54ed9aba01efbd9e221.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
1b55be7a86a29b28efdc8319e54e2f6895e4b41ad245a54ed9aba01efbd9e221
-
Size
10.8MB
-
MD5
5d0fdf7f63aa0f671f56f3625741129e
-
SHA1
65dfd8d91642e0b9419002d10d8fb192668bb0ae
-
SHA256
1b55be7a86a29b28efdc8319e54e2f6895e4b41ad245a54ed9aba01efbd9e221
-
SHA512
622067747ac492117a48d5b7e345f0277e40da4c966ba1e03791fddd31a90e8be7ba4aec4cce17ba61cace6d4b38bd2d1bcb2b334abe4216e86368fe3a0828a6
-
SSDEEP
196608:aGIL+ta9fpe37tmkdNl9/6zNC4wPdrj6acBF1mo0Lk0hWayZ:aGFw9BWm8NmzNFwPdP6Hxq1s
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-