General
- Target: SecuriteInfo.com.Win64.TrojanX-gen.15859.30901.exe
- Size: 4.6MB
- Sample: 240620-stmzlavaph
- MD5: 0a5b3ec2cd9289fba38ba9662f2e6168
- SHA1: c4689605d20aa3a7a2f56d3c7f9dc9ca7b66d138
- SHA256: 0f0a8de3c71b4e53632e29534b7cc4820759ee4c6727a1c7bd39ab8ec28c9662
- SHA512: bc8b43565799f21443cd890e3f59a5a112717380da3946a1dd0805fa87d2a8df45186aff19f84ce9246b8a1ade445c5eace5f7e55d4b09788b2c8e95c094edb6
- SSDEEP: 98304:uA+ckuXu1eE7UpgDuqqkSiMu6yoJbKo+Rtg3Y/QcaXJIOIsw+B:u3VuhEIqDuTkS86y2KrRtg3Y/NmIOvB
Static task
- static1

Behavioral task
- behavioral1
  - Sample: SecuriteInfo.com.Win64.TrojanX-gen.15859.30901.exe
  - Resource: win7-20240611-en

Behavioral task
- behavioral2
  - Sample: SecuriteInfo.com.Win64.TrojanX-gen.15859.30901.exe
  - Resource: win10v2004-20240226-en
Malware Config
Score: 9/10

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext