General
-
Target
Winlocker Builder v0.6.rar
-
Size
1.7MB
-
Sample
250127-zdy59avkc1
-
MD5
392116260c9688561bf4388a6688802a
-
SHA1
ca96d5d4a5d09d3907777bf515d4ef872229ec06
-
SHA256
db1ed914707af2fc9d0f262dbc8951d00d83ae59f5955dafbe7778e5f1ba5e06
-
SHA512
c541116c6bb88a3833c9a48532a5c4fdf78235028b7e6a9d497f77b9b7736056c4273eb4937ae5c28aa03bc8236598881d987679abdca15e981c891828cf7c59
-
SSDEEP
49152:4HrKncTTQ0NKlQkkq1/vZWuRqbFCekOE0bxo:PcT00eT1nZWSOr+
Static task
static1
Behavioral task
behavioral1
Sample
Winlocker Builder v0.6.rar
Resource
win10ltsc2021-20250113-en
Malware Config
Targets
-
-
Target
Winlocker Builder v0.6.rar
-
Size
1.7MB
-
MD5
392116260c9688561bf4388a6688802a
-
SHA1
ca96d5d4a5d09d3907777bf515d4ef872229ec06
-
SHA256
db1ed914707af2fc9d0f262dbc8951d00d83ae59f5955dafbe7778e5f1ba5e06
-
SHA512
c541116c6bb88a3833c9a48532a5c4fdf78235028b7e6a9d497f77b9b7736056c4273eb4937ae5c28aa03bc8236598881d987679abdca15e981c891828cf7c59
-
SSDEEP
49152:4HrKncTTQ0NKlQkkq1/vZWuRqbFCekOE0bxo:PcT00eT1nZWSOr+
Score9/10-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-