General
-
Target
file.exe
-
Size
4.2MB
-
Sample
241117-sylbkashrp
-
MD5
f1aefbe49a406f12313f1c56deb2e3cd
-
SHA1
182c4978fd940c4d7f504fe985477fe0512cf1f9
-
SHA256
5e8e38f8b153083db2940a4a7e169f3118880ae012c12e87a7a976060d0b1b52
-
SHA512
69e0f083e93b3c0a5ee153e4c6b89cb50bc5bbc4fc9c589606856de518e5705d54219f5e0fda01a6b9d53e03ab76836d335bc3d4a47047590438abd51c36ef78
-
SSDEEP
98304:4otD52k8suSvvYB9QkFhQ1wl+iuIW9sjOE9hr0bTBB98:4oSkld4bQkF6Cl+Vh09hrkBBC
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
4.2MB
-
MD5
f1aefbe49a406f12313f1c56deb2e3cd
-
SHA1
182c4978fd940c4d7f504fe985477fe0512cf1f9
-
SHA256
5e8e38f8b153083db2940a4a7e169f3118880ae012c12e87a7a976060d0b1b52
-
SHA512
69e0f083e93b3c0a5ee153e4c6b89cb50bc5bbc4fc9c589606856de518e5705d54219f5e0fda01a6b9d53e03ab76836d335bc3d4a47047590438abd51c36ef78
-
SSDEEP
98304:4otD52k8suSvvYB9QkFhQ1wl+iuIW9sjOE9hr0bTBB98:4oSkld4bQkF6Cl+Vh09hrkBBC
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-