General
- Target: 35eeedbb456d262392d2fba7c3a28715dbbec42c1491f76fd0459bfdd50d70a8
- Size: 1.8MB
- Sample: 241226-rnfsnaxmc1
- MD5: 66d9f653b8d814277e15556d2eaac183
- SHA1: 58053e45f827dbab2d77122075a963da677d497a
- SHA256: 35eeedbb456d262392d2fba7c3a28715dbbec42c1491f76fd0459bfdd50d70a8
- SHA512: bfc125e436ade80c29c5fb79a5176c036fb9b8f3e0d63ab12eb8a77516b62806b02a4e7ee4c4a39b412c4aae08a73413cf130f06c6d14fd2e5f14fe2beda988a
- SSDEEP: 49152:sAY7O9CuqivE5v8Cge6mkPoW3TV/r5pta/0sEagHnJD:xY7OM1v8RrTV/VPaCaUp
Static task: static1
Behavioral task: behavioral1
- Sample: 35eeedbb456d262392d2fba7c3a28715dbbec42c1491f76fd0459bfdd50d70a8.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Gcleaner family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger