General
-
Target
HAZ_Unlocker.exe
-
Size
33.3MB
-
Sample
240903-nmlqqswgrg
-
MD5
fdc60622dd3320e1b1cda60458b69445
-
SHA1
d4e73049205b82884ca272ba2a5335eae7187cf6
-
SHA256
a1dab11543bd6cd8c221078b152957257b4056fefb431709002441eb22f971f3
-
SHA512
b6af0a9173c7c11e7ea4b5084275bf3fd6421282ac34ec9fbcc9fd789743c0442ab3298916320057a83b4a229eaf9ad24e0bb8304caf79c4a0d93fca7b9d9791
-
SSDEEP
786432:gFSA+9GoeHNzPzqU6xf0LcaJMnh9xgJs9TNrIx/CE:TP9XQGoissZNrIxp
Malware Config
Targets
-
-
Target
HAZ_Unlocker.exe
-
Size
33.3MB
-
MD5
fdc60622dd3320e1b1cda60458b69445
-
SHA1
d4e73049205b82884ca272ba2a5335eae7187cf6
-
SHA256
a1dab11543bd6cd8c221078b152957257b4056fefb431709002441eb22f971f3
-
SHA512
b6af0a9173c7c11e7ea4b5084275bf3fd6421282ac34ec9fbcc9fd789743c0442ab3298916320057a83b4a229eaf9ad24e0bb8304caf79c4a0d93fca7b9d9791
-
SSDEEP
786432:gFSA+9GoeHNzPzqU6xf0LcaJMnh9xgJs9TNrIx/CE:TP9XQGoissZNrIxp
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Defense Evasion
Impair Defenses
1Pre-OS Boot
1Bootkit
1Virtualization/Sandbox Evasion
1