General
-
Target
4e3983725a2a9d13964daab871bb80dd53cf622720d3ee2fb238e828f838c315
-
Size
6.1MB
-
Sample
240526-rtf1lsac79
-
MD5
9e7fb76f5fd5ead7c3245a874abd6a3e
-
SHA1
fb2d2fb7b08ee61187ccf9188b7c5905006a0a6d
-
SHA256
4e3983725a2a9d13964daab871bb80dd53cf622720d3ee2fb238e828f838c315
-
SHA512
75b30932d2884f209f54f3cc72755cf1a4256be376d6b168f61f3cb0dd098c7e3c1ab8c640a3a9e5985cbc1203d74867b0a28c17e84720433f8e6270792a55c1
-
SSDEEP
98304:u6vzOve+1npo85PKknn/G8ccoODEp4qpznJcHIwSD9HrNTTaGNqbbc4mty:uT2+1uoPvn+RcoP3pqH1kNijbzz
Static task
static1
Behavioral task
behavioral1
Sample
4e3983725a2a9d13964daab871bb80dd53cf622720d3ee2fb238e828f838c315.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
4e3983725a2a9d13964daab871bb80dd53cf622720d3ee2fb238e828f838c315.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
4e3983725a2a9d13964daab871bb80dd53cf622720d3ee2fb238e828f838c315
-
Size
6.1MB
-
MD5
9e7fb76f5fd5ead7c3245a874abd6a3e
-
SHA1
fb2d2fb7b08ee61187ccf9188b7c5905006a0a6d
-
SHA256
4e3983725a2a9d13964daab871bb80dd53cf622720d3ee2fb238e828f838c315
-
SHA512
75b30932d2884f209f54f3cc72755cf1a4256be376d6b168f61f3cb0dd098c7e3c1ab8c640a3a9e5985cbc1203d74867b0a28c17e84720433f8e6270792a55c1
-
SSDEEP
98304:u6vzOve+1npo85PKknn/G8ccoODEp4qpznJcHIwSD9HrNTTaGNqbbc4mty:uT2+1uoPvn+RcoP3pqH1kNijbzz
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-