General
Target: PS5Emux_v1.1.0.zip
Size: 15.5MB
Sample: 240610-m5gztsha38
MD5: 48f286657c7576a5915a2b23f7971e45
SHA1: 23b013cb870906ed46420cf7aa00f2d45374c13a
SHA256: 8c9f450453ece5ce1a01b2867c7e4e85be29ae8ef4430c095019d87d40361b96
SHA512: fdc64902098a92377bbcd508f38ff48d89cc43f9512446fff131b2b2f493614c9e262601f35f5f1585b3224e4952dd5db60008131e28109007515c465bcbadad
SSDEEP: 393216:RyG8fUPWiFZNU8OeXUHUqx112yEloYM1wgWx4mSiH2m3f3WJM5:58fcWMZNaQqv1Ilo184mv5Z5
Static task: static1

Malware Config

Targets
Target: installer.zip
Size: 15.5MB
MD5: da36fb3463fc5672fb4e9ae0e63c8b82
SHA1: aaebcdc5aebb6ab15c4437c22bb40a275b295982
SHA256: a01e4ab460c96ccb58a40709703088bc997395490ac5fa9eae4d143f0e7e9b5d
SHA512: 1da7fd3d18d1e5a48182b5ae0a4642c762d5f771748271dd17b9281ec12fb07ee6c06c227fc34ef3d59d75a7f505715969e1c136ee8efd7d97b7fbc50ed2ad45
SSDEEP: 393216:ZyG8fUPWiFZNU8OeXUHUqx112yEloYM1wgWx4mSiH2m3f3WJMD:B8fcWMZNaQqv1Ilo184mv5ZD
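Before working with a local copy of either archive, check that it is the same file the report describes. The script below is an added example (it is not Tria.ge's code): it reads the file once, feeds every chunk through MD5, SHA1, SHA256 and SHA512, and reports which digests disagree with the report. The expected values are copied from the installer.zip block; the outer PS5Emux_v1.1.0.zip is checked the same way with the digests from the General block. SSDEEP is not recomputed because the standard library has no fuzzy-hash support.

```python
"""Verify a downloaded sample against the digests printed in the report.

Added example, not Tria.ge's code. Only the Python standard library is used.
"""
import hashlib
import sys

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests for installer.zip, copied from the report above.
INSTALLER_ZIP = {
    "md5": "da36fb3463fc5672fb4e9ae0e63c8b82",
    "sha1": "aaebcdc5aebb6ab15c4437c22bb40a275b295982",
    "sha256": "a01e4ab460c96ccb58a40709703088bc997395490ac5fa9eae4d143f0e7e9b5d",
    "sha512": "1da7fd3d18d1e5a48182b5ae0a4642c762d5f771748271dd17b9281ec12fb07e"
              "e6c06c227fc34ef3d59d75a7f505715969e1c136ee8efd7d97b7fbc50ed2ad45",
}


def digest_chunks(chunks):
    """Feed an iterable of byte chunks through all four hashes in a single pass."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Digest an in-memory buffer (handy for tests and small samples)."""
    return digest_chunks([data])


def digest_file(path, chunk_size=1 << 20):
    """Digest a file on disk without loading it fully into memory."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                buf = f.read(chunk_size)
                if not buf:
                    return
                yield buf
    return digest_chunks(chunks())


def compare(actual, expected):
    """Return the names of digests that do not match; an empty list means verified.

    Comparison is case-insensitive because report pages and tools differ in hex
    case; a digest missing from either side counts as a mismatch.
    """
    return [name for name in ALGOS
            if actual.get(name, "").lower() != expected.get(name, "").lower()]


def verify_file(path, expected=INSTALLER_ZIP):
    """Hash `path` and return the list of mismatching digest names."""
    return compare(digest_file(path), expected)


if __name__ == "__main__":
    # Usage: python verify_sample.py installer.zip
    bad = verify_file(sys.argv[1])
    print("OK" if not bad else "MISMATCH: " + ", ".join(bad))
```

A non-empty result means the local file is not the one analysed here (a re-packed archive, a partial download, or a different version), and the report's behavioural findings should not be assumed to apply to it.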
- Suspicious use of NtCreateUserProcessOtherParentProcess
  A process was created through NtCreateUserProcess with an explicitly named parent other than the calling process (PROC_THREAD_ATTRIBUTE_PARENT_PROCESS), which spoofs the parent shown in the process tree.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  Reads the ACPI table keys under HKLM\HARDWARE\ACPI, whose names carry a VBOX__ identifier when the guest runs under VirtualBox.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that the excluded items are no longer scanned.
- Checks BIOS information in registry
  BIOS information (HKLM\HARDWARE\DESCRIPTION\System) is often read to detect sandbox and virtual-machine environments from their vendor strings.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).
- Executes dropped EXE
  Runs an executable that the sample itself wrote to disk.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger (0x11) information class, which stops the thread from delivering debug events to an attached debugger; a common anti-debugging technique.
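The signatures above are each a rule over the sample's API trace: registry reads of specific keys, a process created with a foreign parent, an executable run after being written, a thread-information class, and a PowerShell command line. The script below is an added example (it is not Tria.ge's signature engine) that implements those rules over a small trace. The trace format is constructed for the demo and is not the sandbox's real output: one call per line, fields separated by "|" as `pid|api|arg1|arg2|arg3`, where registry reads carry `key|value-name`, process creation carries `image-path|command-line|parent-pid`, NtSetInformationThread carries `thread-handle|info-class`, and NtWriteFile carries the target path. The sample lines are constructed to exercise every signature once.

```python
"""Map a sandbox API trace onto the behaviour signatures listed above.

Added example, not Tria.ge's own signature code. The trace format and the
SAMPLE_TRACE lines are constructed for this demo.
"""
import re

# Registry locations the anti-VM / BIOS / geofence signatures refer to.
ACPI_VBOX = re.compile(r"\\HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_INFO = re.compile(r"\\HARDWARE\\DESCRIPTION\\System\b", re.I)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\b", re.I)
# PowerShell cmdlets that add Windows Defender exclusions.
MP_EXCLUSION = re.compile(
    r"\b(?:Add|Set)-MpPreference\b.*-Exclusion(?:Path|Extension|Process)", re.I)
REG_READ_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "NtOpenKey", "NtQueryValueKey"}
PROC_CREATE_APIS = {"NtCreateUserProcess", "CreateProcessW", "CreateProcessInternalW"}
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value ThreadHideFromDebugger

# Constructed trace (not real sandbox output); paths and PIDs are invented.
SAMPLE_TRACE = r"""
1234|RegOpenKeyExW|HKLM\HARDWARE\ACPI\DSDT\VBOX__
1234|RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System\BIOS|SystemManufacturer
1234|RegQueryValueExW|HKCU\Control Panel\International\Geo|Nation
1234|NtSetInformationThread|0x1c4|0x11
1234|NtWriteFile|C:\Users\user\AppData\Local\Temp\setup.exe
1234|NtCreateUserProcess|C:\Users\user\AppData\Local\Temp\setup.exe|"C:\Users\user\AppData\Local\Temp\setup.exe" /S|1234
4321|CreateProcessW|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp' -ExclusionExtension 'exe' -ExclusionProcess 'setup.exe'"|5678
"""


def parse_line(line):
    """Split one trace line into (pid, api, [arg1, arg2, arg3, ...]); None if malformed."""
    parts = line.rstrip("\r\n").split("|")
    if len(parts) < 2 or not parts[0]:
        return None
    pid, api, *args = parts
    args += [""] * (3 - len(args))  # pad so the first three args always exist
    return pid, api, args


def classify_trace(lines):
    """Return {signature name: [evidence lines]} for the given trace lines."""
    hits = {}
    written_exes = set()  # executables the traced process wrote (lower-cased paths)

    def flag(name, line):
        hits.setdefault(name, []).append(line)

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        pid, api, (a0, a1, a2, *_) = rec

        if api in REG_READ_APIS:
            if ACPI_VBOX.search(a0):
                flag("Identifies VirtualBox via ACPI registry values", line)
            elif BIOS_INFO.search(a0):
                flag("Checks BIOS information in registry", line)
            elif GEO_NATION.search(a0):
                flag("Checks computer location settings", line)
        elif api == "NtWriteFile" and a0.lower().endswith(".exe"):
            written_exes.add(a0.lower())  # remember for the dropped-EXE rule
        elif api in PROC_CREATE_APIS:
            if a0.lower() in written_exes:
                flag("Executes dropped EXE", line)
            # Parent set to a process other than the caller: parent PID spoofing.
            if a2 and a2 != pid:
                flag("Suspicious use of NtCreateUserProcessOtherParentProcess", line)
            if MP_EXCLUSION.search(a1):
                flag("Command and Scripting Interpreter: PowerShell", line)
        elif api == "NtSetInformationThread":
            try:
                info_class = int(a1, 0)  # accepts "0x11" or "17"
            except ValueError:
                continue
            if info_class == THREAD_HIDE_FROM_DEBUGGER:
                flag("Suspicious use of NtSetInformationThreadHideFromDebugger", line)
    return hits


if __name__ == "__main__":
    for name, evidence in classify_trace(SAMPLE_TRACE.splitlines()).items():
        print(f"[{name}]")
        for entry in evidence:
            print("   ", entry)
```

The dropped-EXE rule is the only stateful one: it needs the write to precede the launch in the same trace, which is why the matcher keeps a set of written paths rather than checking lines independently. Parent spoofing is judged purely on the parent field differing from the calling PID, so a legitimate launcher that sets the parent attribute for job-object reasons would also trip it; that is the same false-positive surface the sandbox signature has.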