General
-
Target
vqyyauw.exe
-
Size
5.4MB
-
Sample
241123-va8s3axrex
-
MD5
e882bed1df1394f65df9943cc9726e6f
-
SHA1
53a25b728bd993d12a4ff6bb5d559c40d3701816
-
SHA256
c84d35f2958824982cedc7c88c848bc4ceae2c3389365033a34a52ad0060ca4c
-
SHA512
aedb0526c29eb878c7485c899a42d1cc691dfccb1b7b16e3418ab266888e15d00a148c6201c47a0adcf1db39f24aec6a3bfea9a824702065e1ce2a3c5c9f193b
-
SSDEEP
98304:37QRplXvUQijINsV48p2DN0MvJ7mBdkH1CFYOuwn95gF+C:8rhsQijIV8p2DNjNmRFYGDgFx
Behavioral task
behavioral1
Sample
vqyyauw.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
vqyyauw.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
vqyyauw.exe
-
Score
9/10
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-