General
Target: CL_Installer_protected.exe
Size: 5.1MB
Sample: 240622-pvvt2sybqf
MD5: d39cf4c5376e86f0f03d36831938708a
SHA1: 813bab7361820a4e82c03ee11ff6421a3d90f858
SHA256: 63dd1a76533b1d11edf0116c9ce51bce6d851dee19954c0d46b8413befb01790
SHA512: 8809117ac6bb7ff5fb7be6b49f294a6822e877e02210be5fd895683ff8fbb5ac3c20e0aba3eef78573e27489a13ab128f42b5f310aa0a6fbf6eb8541adb7a987
SSDEEP: 98304:FfVAxIJKvJlUl9N31HTc3XbTliNRP2nT1OAqYBMDk7H0FyL:xCEKBlUPN3icNRcTKo7Hmi
Behavioral task
behavioral1
Sample: CL_Installer_protected.exe
Resource: win7-20240508-en
Malware Config
Targets
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-