General
-
Target
attach.exe
-
Size
7.2MB
-
Sample
240629-rcpw7ayfph
-
MD5
f62e5aa2bcb4175883567eecdbe38a7f
-
SHA1
b8e18f4f24f6cf05c07632dd33642cab63496a92
-
SHA256
774912ebd243b08c7eeffa65a116fc08d77dde40b02e594add99e77e89818404
-
SHA512
50da071e88e8f8029b85a31193737906b8c43d65dbc0535b8f8143625c65e63e51198f5e0b37640469fffe7a607180d4e85c4bfc04061c397d08ee95acae395e
-
SSDEEP
98304:bZDK5HATQ3EhBFN00BuFli965v2nZdDo45ow3ON+9MbJsoLwplq+rdZNumaO41uY:CgchgIQYO7oU2NEy/LmzfNumqUbZG
Malware Config
Targets
-
Target
attach.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger