General
-
Target
EZchfRaCC.exe
-
Size
11.0MB
-
Sample
240629-1433ka1dnq
-
MD5
bd5a8169adb73f6b7bbfd9a9f750fd18
-
SHA1
d42adb2df95ec4babf23518bdc1d28a402c622c1
-
SHA256
cf212e61cc9276e565b603e5775df105297824296d72e5bcab27c4c740995c2f
-
SHA512
84da5c54c8d46f6099f96150459087f6893daca7ece79d0ae3c768832f99d5824d799fa22eb9bffa76745b019b2686cfd077e7a14a3204fcb6c9ff341fc287a7
-
SSDEEP
196608:xjTpPgLww1nInTLTxw7t4z5OdwGgHaU54JbtaLv8Vbk1q0CWUe1Zjanz93h8+glD:xjIT1Inzxw549fN6+ixEvwo1qWUAjeyH
Malware Config
Targets
-
Target
EZchfRaCC.exe (the single target is the submitted file itself; size and hashes are as listed under General above)
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox guests expose their ACPI tables under HKLM\HARDWARE\ACPI\DSDT, FADT and RSDT with the OEM ID VBOX__; querying those keys is a common way to detect a VirtualBox guest.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments. The values usually queried are SystemBiosVersion, VideoBiosVersion and SystemBiosDate under HKLM\HARDWARE\DESCRIPTION\System, which on a VirtualBox guest contain the strings VBOX and VIRTUALBOX.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11). A thread flagged this way no longer delivers debug events to an attached debugger, so breakpoints and exceptions in it are silently swallowed; this is an anti-debugging technique with no ordinary use in application code.
-
All three signatures are anti-analysis indicators rather than evidence of a payload; the same checks appear in commercial packers and software protectors, so they raise the priority of manual analysis rather than settle the verdict on their own.
-
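To turn the three behavioural signatures above into a static check an analyst can run on a copy of the sample before detonation, here is an added example in Python; it is not tooling from the sandbox that produced this report. It verifies a file against the report's SHA256 and searches the binary for the registry paths and API names behind each signature, in both narrow and UTF-16LE form. The registry paths and API names are the well-known indicators described above; the blob returned by constructed_sample() is made up for the demonstration and is not the real file.

```python
"""Static triage helper for the signatures in the report above.

Added example; not code from the sandbox that produced the report. The
registry paths and API names are well-known anti-analysis indicators; the
blob returned by constructed_sample() is made up for the demonstration.
"""
from __future__ import annotations

import hashlib
import re
import sys

# SHA256 of EZchfRaCC.exe as listed in the report.
REPORT_SHA256 = "cf212e61cc9276e565b603e5775df105297824296d72e5bcab27c4c740995c2f"

# Indicator patterns keyed by the report's signature names. Registry paths
# are relative to HKLM; matching is case-insensitive.
INDICATORS: dict[str, list[bytes]] = {
    "Identifies VirtualBox via ACPI registry values": [
        rb"HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT)\\VBOX__",
    ],
    "Checks BIOS information in registry": [
        rb"HARDWARE\\DESCRIPTION\\System\\"
        rb"(?:SystemBiosVersion|VideoBiosVersion|SystemBiosDate)",
    ],
    "Suspicious use of NtSetInformationThreadHideFromDebugger": [
        rb"(?:Nt|Zw)SetInformationThread",
    ],
}

# A run of at least six printable ASCII characters stored as UTF-16LE.
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")


def extract_wide_strings(data: bytes) -> bytes:
    """Fold UTF-16LE runs down to ASCII so one pattern set covers both the
    narrow and the wide string tables of a Windows binary."""
    return b"\n".join(m.group(0)[::2] for m in WIDE_RUN.finditer(data))


def verify_hash(data: bytes, expected_sha256: str = REPORT_SHA256) -> bool:
    """True if the bytes hash to the SHA256 given in the report."""
    return hashlib.sha256(data).hexdigest() == expected_sha256.lower()


def match_signatures(data: bytes) -> dict[str, list[str]]:
    """Return {signature name: [matched strings]} for every indicator found."""
    haystack = data + b"\n" + extract_wide_strings(data)
    hits: dict[str, list[str]] = {}
    for name, patterns in INDICATORS.items():
        found: list[str] = []
        for pat in patterns:
            for m in re.finditer(pat, haystack, re.IGNORECASE):
                text = m.group(0).decode("ascii", "replace")
                if text not in found:
                    found.append(text)
        if found:
            hits[name] = found
    return hits


def constructed_sample() -> bytes:
    """A made-up blob (not the real sample) carrying one indicator of each
    kind: a narrow ACPI path, a wide BIOS path and an ntdll import name."""
    return (
        b"MZ\x90\x00" + b"\x00" * 60
        + b"HARDWARE\\ACPI\\DSDT\\VBOX__\x00"
        + "HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion".encode("utf-16-le")
        + b"\x00\x00"
        + b"ntdll.dll\x00NtSetInformationThread\x00"
    )


def main(argv: list[str]) -> int:
    # Usage: python triage.py <file>; with no argument the constructed blob is scanned.
    if len(argv) > 1:
        with open(argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = constructed_sample()
    print("hash matches report:", verify_hash(data))
    for name, strings in match_signatures(data).items():
        print(f"{name}: {', '.join(strings)}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

If the sample is packed, none of these strings need be visible on disk; the dynamic signatures still fire because the unpacked code performs the queries at runtime, so an empty result from this script does not contradict the report, it only means the indicators are hidden until unpacking.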