General
- Target: file.exe
- Size: 1.9MB
- Sample: 241209-2t9b9syreq
- MD5: 3acaa0d2f010b5962a1ee0687334660d
- SHA1: 0f6c414ffaa5e9052365719ea76c81b795130fe5
- SHA256: 617514b5e721e4963f6b93f203452f7988a0f4c30db06748b90bb202331c3e73
- SHA512: af6349f44b5ce73adfeb9186ce201a706b7dcd0109690326bd768f84cb01ea71aa62066b63a33a6f438296e7309418af215228a9e052ab03ad372c14df2fa9bd
- SSDEEP: 49152:2IXCwTtHr7srlsjLBifaY7tKWmegnmyj8MXiWr+ZsI06h9:208Nfa0K+gnh8M/r+Zsw
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: file.exe (size and hashes identical to the General section above)
Signatures
- Gcleaner family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger