General
-
Target
files.zip
-
Size
11.9MB
-
Sample
240621-w42saayhpc
-
MD5
b395211b60d6186e7a831098ae4d8d84
-
SHA1
dbbcacd7bdf5f9d8c178316176a4f7c62f32df72
-
SHA256
754c0ab103289ee5562debcf47b71a94abec388ebb73bfa16469ff736b8d72f6
-
SHA512
a16874cf2da56a186dc82f38efbe9145743f12e2cbe079fea53f4cd24352e82f15f4be3a034c280d4bab9b8377a88a3714dda6a72c9f5cef9eb527aa4dfb41aa
-
SSDEEP
196608:PXU6ugONJrnbmdtuXizk0kVoTucXxD2een08BfuscapuOUTKxY0NmRPwZ8y1CMN1:PFugMu6PvKhD2e+0qunSlUOeRpy1CMiS
Static task
static1
Behavioral task
behavioral1
Sample
files/Setup.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
files/Setup.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
files/Setup.exe
Resource
win11-20240611-en
Malware Config
Targets
-
-
Target
files/Setup.exe
-
Size
8.5MB
-
MD5
98169506fec94c2b12ba9930ad704515
-
SHA1
bce662a9fb94551f648ba2d7e29659957fd6a428
-
SHA256
9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363
-
SHA512
7f4f7ac2326a1a8b7afc72822dae328753578eb0a4ffcec5adb4e4fb0c49703070f71e7411df221ee9f44d6b43a0a94921fe530877c5d5e71640b807e96def30
-
SSDEEP
196608:vdoUox8PFOegKz+qE1cnuyHgv3eZaOxqeXY4K:vC0O9m7EWEvbOxqetK
-
Banload
Banload variants download malicious files, then install and execute the files.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Suspicious use of SetThreadContext
-