General

Target: utility-1.0.6.3.exe
Size: 83.1MB
Sample: 250127-zbwmcavngq
MD5: f1b839e3e730d65be42c55ae50fc9108
SHA1: 5abd2f6f1a8e194021c8f9032753eeafb0af54e7
SHA256: 1b57734ff8cb74b218aa7c0920933e21142006a868f16e1ff51fab4f1d93d965
SHA512: c52bd2db3e6bf255f6719552a4575928b4b0a69b15300ee48d46418f6de10d4e1871b575a58454c877e6a3b5beb75597110d4aef137725966105bc9344742a95
SSDEEP: 1572864:XH5NKTg39geYPkantXvZx9IuBoFQWeLlL+G3ELmKWu5IK4lsOHJ10TER94Jc:nKc39bYPk6BvxBoFVeLFLEyNu5j2HJO2
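Before acting on a report like this, confirm that the file in hand is the same object the sandbox analysed. The following is an added example (not part of the report and not the sandbox's own tooling) that hashes a local file once and compares the result against the MD5, SHA1, SHA256 and SHA512 values listed above; the file path is an assumption, and the report's SSDEEP value is left to a fuzzy-hash tool since it is not an exact-match digest.

```python
"""Verify a local sample against the exact-match digests a sandbox report lists.

Added example; not part of the report. The expected digests are the ones the
report gives for utility-1.0.6.3.exe; the default file path is an assumption.
"""
import hashlib
import hmac
import io

# Digests copied from the report (MD5/SHA1/SHA256/SHA512 only; ssdeep is a
# fuzzy hash and needs a separate library and a similarity comparison).
REPORTED = {
    "md5": "f1b839e3e730d65be42c55ae50fc9108",
    "sha1": "5abd2f6f1a8e194021c8f9032753eeafb0af54e7",
    "sha256": "1b57734ff8cb74b218aa7c0920933e21142006a868f16e1ff51fab4f1d93d965",
    "sha512": "c52bd2db3e6bf255f6719552a4575928b4b0a69b15300ee48d46418f6de10d4e"
              "1871b575a58454c877e6a3b5beb75597110d4aef137725966105bc9344742a95",
}


def digest_stream(stream, algorithms=tuple(REPORTED), chunk_size=1 << 20):
    """Hash a binary stream once, feeding every algorithm from the same read.

    Reading in 1 MiB chunks keeps memory flat for an 83 MB sample instead of
    loading the whole file per algorithm.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual, expected):
    """Return {algorithm: (matches, actual_hex, expected_hex)}.

    Hex case is normalised because reports and tools differ; the comparison
    itself is constant-time out of habit, not because timing matters here.
    """
    result = {}
    for name, exp in expected.items():
        act = actual.get(name)
        ok = act is not None and hmac.compare_digest(act.lower(), exp.lower())
        result[name] = (ok, act, exp)
    return result


def verify_bytes(data, expected=REPORTED):
    """Check an in-memory buffer (useful for tests and for samples pulled out of an archive)."""
    return compare(digest_stream(io.BytesIO(data)), expected)


def verify_file(path, expected=REPORTED):
    """Check a file on disk against the expected digests."""
    with open(path, "rb") as f:
        return compare(digest_stream(f), expected)


def all_match(outcome):
    """True only if every algorithm in the outcome matched."""
    return all(ok for ok, _, _ in outcome.values())


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "utility-1.0.6.3.exe"  # assumed path
    outcome = verify_file(path)
    for name, (ok, act, exp) in outcome.items():
        print(f"{name:6} {'OK      ' if ok else 'MISMATCH'} {act}")
    sys.exit(0 if all_match(outcome) else 1)
```

If all four digests match, the sample is byte-identical to what the sandbox ran; a mismatch on any one means you are looking at a different build, a repacked copy, or a corrupted download, and the behavioural findings below do not necessarily apply. For the SSDEEP line, the `python-ssdeep` package's `ssdeep.hash_from_file()` and `ssdeep.compare()` give a 0-100 similarity score rather than a yes/no answer.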
Static task: static1
Behavioral task: behavioral1
Sample: utility-1.0.6.3.exe
Resource: win11-20241007-en
Malware Config

Targets

Target: utility-1.0.6.3.exe (83.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 9/10

Signatures:
- Detected Nirsoft tools: free utilities often used by attackers, which can steal passwords, product keys, etc.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger

The score is driven by the signature set above. The Nirsoft detection is a static match on bundled utilities, and the UAC query is also common in legitimate installers, so weigh the anti-VM, anti-debug and dropped-payload signatures together before treating the file as malicious.
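The behavioural signatures above are each derived from a small number of raw events in the trace (registry queries, API calls, process and image loads). The following is an added example, not the sandbox's own rule set, that maps a constructed event trace onto the same signature names. The registry paths (the `VBOX__` ACPI table keys, `HKLM\HARDWARE\DESCRIPTION\System` BIOS values, the `EnableLUA` policy value) and the `ThreadHideFromDebugger` information class (0x11) are the usual indicators these signatures rest on; the exact rules the report used are not shown on the page, so treat them as assumptions. The static "Detected Nirsoft tools" match is not a behavioural event and is not modelled here.

```python
"""Map raw sandbox events onto the behavioural signatures the report lists.

Added example, not the sandbox's own rules. Registry paths and the
NtSetInformationThread information class are assumed common indicators; the
event trace below is constructed, not output of the analysed run.
"""
import re
from collections import OrderedDict

# signature name -> (event type, regex over the event detail).
# Registry paths are case-insensitive on Windows, hence re.IGNORECASE.
RULES = OrderedDict([
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     ("registry_query",
      re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I))),
    ("Checks BIOS information in registry",
     ("registry_query",
      re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\"
                 r"(BIOS|SystemBiosVersion|VideoBiosVersion|SystemBiosDate)", re.I))),
    ("Checks whether UAC is enabled",
     ("registry_query",
      re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA", re.I))),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     ("api_call",
      # ThreadHideFromDebugger is info class 0x11 (17); either spelling in a trace.
      re.compile(r"^NtSetInformationThread\(.*ThreadInformationClass=(0x11|17)\b", re.I))),
    ("Executes dropped EXE",
     ("process_create",
      re.compile(r"\\(AppData|Temp|ProgramData)\\.*\.exe$", re.I))),
    ("Loads dropped DLL",
     ("load_image",
      re.compile(r"\\(AppData|Temp|ProgramData)\\.*\.dll$", re.I))),
])


def parse_event(line):
    """Parse one trace line of the constructed form '<pid> <type> <detail>'."""
    pid, kind, detail = line.split(" ", 2)
    return {"pid": int(pid), "type": kind, "detail": detail.strip()}


def match_signatures(lines):
    """Return {signature: [matching detail, ...]} for every rule that fired."""
    hits = OrderedDict()
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        for name, (kind, pattern) in RULES.items():
            if ev["type"] == kind and pattern.search(ev["detail"]):
                hits.setdefault(name, []).append(ev["detail"])
    return hits


# Constructed trace for illustration; paths and PIDs are made up.
SAMPLE_TRACE = """\
4120 registry_query HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
4120 registry_query HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
4120 registry_query HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA
4120 api_call NtSetInformationThread(ThreadHandle=0xffffffff, ThreadInformationClass=0x11, Length=0)
4120 process_create C:\\Users\\Admin\\AppData\\Local\\Temp\\drop\\helper.exe
5008 load_image C:\\Users\\Admin\\AppData\\Local\\Temp\\drop\\helper.dll
5008 registry_query HKCU\\Software\\Classes\\Local Settings
""".splitlines()


if __name__ == "__main__":
    for name, details in match_signatures(SAMPLE_TRACE).items():
        print(name)
        for d in details:
            print("   ", d)
```

Running it against your own trace (from a debugger, API monitor or a second sandbox) shows which of the report's signatures reproduce and which raw access triggered each one, which is what you need to decide whether a flagged check is genuine evasion or an installer reading the same keys for benign reasons.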