General
-
Target
cheat.exe
-
Size
4.1MB
-
Sample
240629-qtayxsycph
-
MD5
b0249f1787cef00fb4596ce451efd9d6
-
SHA1
72577826ca5bc08379243f1eb8bf811433d177d5
-
SHA256
0660840bc8a5cdc35eded24f85a5d8bc09473e262f86fc581e50d5693a887bef
-
SHA512
fcdb9398d49193b7961e9cf54687f07c271fa4f6e2ccd4164474e5d45385322d5e1139357af4ff7a7eb35ed71a36265eaa1f5f64853d467fa584fac089461bc4
-
SSDEEP
98304:ESTNaYyX8LiJ4Ec4GuIkjmtlVz2vUqBIE3xD:ESxaYcOEc4GHkjmtlZYU6f3xD
Behavioral task
behavioral1
Sample
cheat.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
cheat.exe
-
Score
9/10
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-