General
Target: CL_Installer.exe
Size: 4.6MB
Sample: 240622-ptwpysybmh
MD5: 5daf288e79a1258c4848ce9a2bba01d2
SHA1: 60f6c09d653da9f1fcf7af8b9df457173396c62d
SHA256: 34a0e42c74687f94b44e9fad9f4ffaaa769ccce60c4a1acccfabc469de29f787
SHA512: b4c035d92086d973c8aca9f8f8121b4ac32625d66006338f68b335432f01ad28f4c08e0916866ff2bdb4fbe4ee3cbf6c07bbfd07ed57b1b058b29d9d5ee3710f
SSDEEP: 98304:OcPE5igmLbGMeUaRxcgDxDMMAYBMDk7H0FyL:O2ZdaRx/DxHio7Hmi
Behavioral task: behavioral1
Sample: CL_Installer.exe
Resource: win7-20240220-en
Malware Config
Targets
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Suspicious use of NtSetInformationThreadHideFromDebugger