General
Target: ma_perm.exe
Size: 26.0MB
Sample: 240618-azgqnavarj
MD5: eb990ea0e33cf7a00a866c0429bab52c
SHA1: 94caa1a5ac044d0a37c88d77d7ab08b4f1f5dc3f
SHA256: 5a18ee2a12d34db4527f08b5ec29d8f2ea9cbd2c4121ddc3dbe3b04282eea6df
SHA512: 038066bdf091e4debf5ef3bfefe51aa2852eedde05e096e7949d9fca10523eec385e5d873fe3c98ead2f9e1804ed0144c7852da7916d623e36052485245355bc
SSDEEP: 786432:rahwU+Pz7ah3RGwRIVpCc4VTbdL++TKXgMUnN1IG77d:Ghw76BGwRIVp94VvdL++TxMUnNaA
Behavioral task
Task: behavioral1
Sample: ma_perm.exe
Resource: win7-20240508-en
Malware Config
Targets
Target: ma_perm.exe
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
Executes dropped EXE
Loads dropped DLL
Suspicious use of NtSetInformationThreadHideFromDebugger