General
Target: fsfpv5.exe
Size: 14.9MB
Sample: 240610-j8wqlsfa57
MD5: 734fcc794ebd38934873568c6efa8655
SHA1: b9f3eae58f07b773f94da5435c25556f5818e7ef
SHA256: 184f79b0b16d11216e8ee8e899f8d83800e717f0676d56ef66e0a4b11aeca998
SHA512: 154c7fab6b9b3cab6a17f0351d7b3f9f479e571d1236f6d7581380a21aff4d67fc257ccb738bc6ac2155e9926838ace55a08340009c393ef61236ab70301702e
SSDEEP: 393216:rhlhSIitEuuYYd0kwyzMfQuPPDYgglPi7OsuLsU3oq:nUtjhYBDYQuHDYGaSq
Behavioral task: behavioral1
Sample: fsfpv5.exe
Resource: win7-20240419-en
Malware Config
Targets
Target: fsfpv5.exe
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Deletes itself
Suspicious use of NtSetInformationThreadHideFromDebugger