General
Target: 0095ed212f431f27183cc0f664bdd0c90502d0d6ea3ade3a7bbb5c91616b1ed5.exe
Size: 3.6MB
Sample: 240615-bc51eatbrb
MD5: 14546e0d876d521f78e6464a33436a28
SHA1: e94bcffde8fc921d1c27f5b91d8fae88a294e275
SHA256: 0095ed212f431f27183cc0f664bdd0c90502d0d6ea3ade3a7bbb5c91616b1ed5
SHA512: f473b15924aec88841356b09613efd9957c00694459da527d0e08e0322d7d9412e2fb54f6a9907ecdc2cc37d0753bed40c0840e1f81884cb2085dd3d6d47f213
SSDEEP: 98304:ns96gMUOCSKlE2UGVE0xxv8y4QPyhHGXwnf3g7iyDC:1CQ2NVEu4QPyhHjf3MZC
Static task: static1
Behavioral task: behavioral1
Sample: 0095ed212f431f27183cc0f664bdd0c90502d0d6ea3ade3a7bbb5c91616b1ed5.exe
Resource: win7-20240508-en
Malware Config
Targets
Target: 0095ed212f431f27183cc0f664bdd0c90502d0d6ea3ade3a7bbb5c91616b1ed5.exe
- Detects Windows executables referencing non-Windows User-Agents
- Detects executables packed with Themida
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger