General
-
Target
gtr.exe
-
Size
5.3MB
-
Sample
240615-ee5zzaybmb
-
MD5
364ae7d19709187f43d70735d8d6c507
-
SHA1
7fa00e84ec5da13f56a1e31c1b6e479edeabd5f3
-
SHA256
b7f599d78c0a3943f299c67088fcb8821833a0fa62bf3f2ae760c85ebb326006
-
SHA512
e320f4c2f3e5aeccd39d467840be332b23e43040568c6c90840017c99a6227b35a8fda80bab53594c150863e2df320b8a2ffaf442c3ac49fc4caa3925cd1c840
-
SSDEEP
98304:61d+EQnFLbjVCl7oAvoMXZ8RAFgOqMQgFO+WPn84TodRDUG:eUNFTV67oAvoSWXpgxWP8YonDUG
Behavioral task
behavioral1
Sample
gtr.exe
Resource
win11-20240611-en
Malware Config
Targets
-
-
Target
gtr.exe
-
Size
5.3MB
-
MD5
364ae7d19709187f43d70735d8d6c507
-
SHA1
7fa00e84ec5da13f56a1e31c1b6e479edeabd5f3
-
SHA256
b7f599d78c0a3943f299c67088fcb8821833a0fa62bf3f2ae760c85ebb326006
-
SHA512
e320f4c2f3e5aeccd39d467840be332b23e43040568c6c90840017c99a6227b35a8fda80bab53594c150863e2df320b8a2ffaf442c3ac49fc4caa3925cd1c840
-
SSDEEP
98304:61d+EQnFLbjVCl7oAvoMXZ8RAFgOqMQgFO+WPn84TodRDUG:eUNFTV67oAvoSWXpgxWP8YonDUG
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Modifies boot configuration data using bcdedit
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-