General
-
Target
OwlSpoofer.exe
-
Size
18.2MB
-
Sample
240630-acpgzstcjq
-
MD5
185718a300595abf8d4ed832b198a13c
-
SHA1
4a6b157163e335a509f9a59152e59867e877bb34
-
SHA256
e6e140c55ceea03d51f38a7fb2bb75b0bbdd81c8bda7f7f0f59c77566e5d6d16
-
SHA512
5d4478cc67b6b45ba92dbeb3cf938d3e573d8934c7f56b6e22fe842bbeb82c0a058c6bfa1c5860eabbaf0575f307eecf60f3a2c11415d1065546a2cd72316ea7
-
SSDEEP
393216:oEjNae2obngY6gXIx5ndL01+l+uq+VvbW+eGQRXMTozGxu8C0ibftJXMu9:1jNae2obnBfXIxRR01+l+uqgvbW+e5Rd
Static task
static1
Malware Config
Targets
-
-
Target
OwlSpoofer.exe
-
Size
18.2MB
-
MD5
185718a300595abf8d4ed832b198a13c
-
SHA1
4a6b157163e335a509f9a59152e59867e877bb34
-
SHA256
e6e140c55ceea03d51f38a7fb2bb75b0bbdd81c8bda7f7f0f59c77566e5d6d16
-
SHA512
5d4478cc67b6b45ba92dbeb3cf938d3e573d8934c7f56b6e22fe842bbeb82c0a058c6bfa1c5860eabbaf0575f307eecf60f3a2c11415d1065546a2cd72316ea7
-
SSDEEP
393216:oEjNae2obngY6gXIx5ndL01+l+uq+VvbW+eGQRXMTozGxu8C0ibftJXMu9:1jNae2obnBfXIxRR01+l+uqgvbW+e5Rd
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-