General
Target: b16a303612f8717a90851727a25fdf61.exe
Size: 1.9MB
Sample: 241210-vknwmswkcl
MD5: b16a303612f8717a90851727a25fdf61
SHA1: 20281be28ae8c170b6dff5939fabd5616e9b7d23
SHA256: 14a7faa5a16cbc6e031beb668ec24d78b04d8fe4959766cf11722932b93317dc
SHA512: c1c83b89a760997dc6740d940628fb7d68e3d82018b55c428ac1fcec0cde4b81ca943ef3dfd247212a14dd5b0eac20e4b4ba7f55b6154ea33a75920be032e196
SSDEEP: 24576:QWC52/9x0fDxBoxtUneN26Pf/54JF+GhxwTflZz0e+YbFN2VG8vaxY7SyI5LrC0t:pC8/6XN9UneONweQVmC75SS6
Static task: static1
Behavioral task: behavioral1
Sample: b16a303612f8717a90851727a25fdf61.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: b16a303612f8717a90851727a25fdf61.exe
- Gcleaner family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger