General
Target: soudneff.exe
Size: 1.7MB
Sample: 250304-j7arravxbz
MD5: efac52cc9304919d4f9e49c56bdbd484
SHA1: 68e90fd0a473ba822bb4f708d718afcbbd660850
SHA256: e903bd6ec4817fca7a718b770d6d6a509c7e522cbebb41bd26e48bfe009d0510
SHA512: 9185437c21c56772d3dd7172269b3569380b518e78c8cb9dcf947968476d4d79beb2aeb31da66d3736a2a0f3be88d3caf86d9ba79c59608aaca196c409466ada
SSDEEP: 49152:dWiPyNzLHax6WxKPQx1GyGe4/xU7VNT1xMJ1NxjnW8EtV:dhGW4OOCbhGQ
Static task: static1
Behavioral task: behavioral1
  Sample: soudneff.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: soudneff.exe
  Resource: win10v2004-20250217-en
Malware Config
Extracted: systembc
towerbingobongoboom.com
213.209.150.137
Targets
Target: soudneff.exe
Score: 10/10
- Systembc family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger