General
- Target: REFLEX_V3.exe
- Size: 5.7MB
- Sample: 240630-3ss5bszapa
- MD5: 177ce961679d6ef708bdd1d6a24724e5
- SHA1: 55be52bff20821d00cbc9a09ba21edef98aadf46
- SHA256: d8a6e6ed914c5e3fb8ce3b5e49eb12f99008a4f13dbad9d9c3e6b64dfdd5bf98
- SHA512: c96d62701bdc212bb626e2ca3ecaceabd40a9f55f2779416a03e51d25bc5a0ff8c83727cb9aa8bc6a50f7efb1a9a00c2c2eb74b1fafa81cecdce0542c483b768
- SSDEEP: 98304:Sf914CcbNkOTh/HXwb7E/Ge7IO7aPmBdW/r3NBrzgoEIqy6iRnOQ48qFA:Sfz4Txt3wbqaIZE/r3NqoEdyVzeq
Malware Config
Targets
- Target: REFLEX_V3.exe
- Size: 5.7MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger