General
-
Target
Temp-Spoofer.exe
-
Size
3.2MB
-
Sample
240630-rxea7asfrl
-
MD5
77c92538ef329e1847377a641d338a99
-
SHA1
cea16e9c7262661b4473b7c765697491df8e20c3
-
SHA256
f05bca401bf81914873c7423f0737e881db82c9ee67477652e36e3e766fcd750
-
SHA512
2299cfe8eb617f28e83b1d3e745bff6dd7e6ef8f85db514ce53593187b05e2d676b0f92571dd29e95e4aae4632d7a5fe05889705207ef881c3fbd5ea612df97e
-
SSDEEP
98304:dEs2Xgoz2aZjpzNWkFbwC3X9OWnPtZX9E:di2ahWYZ3p1ZXq
Behavioral task
behavioral1
Sample
Temp-Spoofer.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
Temp-Spoofer.exe
-
Size
3.2MB
-
MD5
77c92538ef329e1847377a641d338a99
-
SHA1
cea16e9c7262661b4473b7c765697491df8e20c3
-
SHA256
f05bca401bf81914873c7423f0737e881db82c9ee67477652e36e3e766fcd750
-
SHA512
2299cfe8eb617f28e83b1d3e745bff6dd7e6ef8f85db514ce53593187b05e2d676b0f92571dd29e95e4aae4632d7a5fe05889705207ef881c3fbd5ea612df97e
-
SSDEEP
98304:dEs2Xgoz2aZjpzNWkFbwC3X9OWnPtZX9E:di2ahWYZ3p1ZXq
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-