General
-
Target
Module-FiveM.exe
-
Size
26.7MB
-
Sample
240630-za862svbrb
-
MD5
12ee265d5508c4e8fa8c836283e52f35
-
SHA1
9d82d797c3c5871595bd3edc7876676064e77fac
-
SHA256
5b7c4214b1701df925c8d0eb35092656836c7e5e07757bb21cf455215e97aede
-
SHA512
d29284395c506fffcfef4d474dbd700adc5cdbec88e104523a73d796104a0da5358827b5f3ee8daa476f80bcdefb2281703454e2b11f541385eebe457de7f15d
-
SSDEEP
786432:k0QcrErUL3ZJlcp3ZJlc73WfuUITIrUAuP:hQAESZJqBZJqKfhDrfc
Malware Config
Targets
-
-
Target
Module-FiveM.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Modifies file permissions
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-