General
-
Target
HV_x64_build.exe
-
Size
3.3MB
-
Sample
240611-jgnkxsygrg
-
MD5
a1806cf65bc308eb5a7d0cb9f99bb0fd
-
SHA1
737536505d790acf659a841ca363c43b65019948
-
SHA256
3800235b9c767007ae8bcea37cecc720d787a97b46d6adea7e73ac305c6cb192
-
SHA512
5daf41c943aba03f0b90ae8d320373d2d0ea1dcd7709f879917c1841dbc871f73722df75eaec4e7f8037c32d5950a492718ba4d1eae178ce2f90832a560e843f
-
SSDEEP
98304:G8FjnRkdKkBErWKdoQEqjkSMmiqElz+7IIY7dMIn/HGHxmoCrwUZ:G8nwKxrzoQEhlqIa7rYeQmHxmoCrwUZ
Behavioral task
behavioral1
Sample
HV_x64_build.exe
Resource
win11-20240419-en
Malware Config
Targets
-
Score
9/10
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-