General
- Target: igrppr_pfinder.zip
- Size: 15.4MB
- Sample: 240615-al1llswcml
- MD5: 2036d3307dbe4585acf384337ad1cb40
- SHA1: f4e45df936fe988adaabd880496c781be1c2a189
- SHA256: 152445851c44e16f9efeaebc9d66a73bceb6f34976cc7354501877f008cb8869
- SHA512: 9c83c5228af053c3cece0ee113ca493508eb09eee222882829ea0bc991c747b859900b6736f25261046fbc13a8766df2a093b9eeb1d47eeb924d8ab1309e1c1e
- SSDEEP: 393216:6s6nr99NewcstopZW0bQ13rNUvOOYO8MBCn5Hg5Zo3nNmGh:6sQr9/ect+ZIRNCX6nqZzGh

Static task
- static1

Malware Config
Targets
- Target: igrppr_pfinder.zip
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger