General
Target: YErb4fob3Zfa9s0ACYtpUHgyb.exe
Size: 5.1MB
Sample: 240630-zxyzlayeqq
MD5: 4eeb4851e21eb25d0b1532c75bc5d983
SHA1: c8c33cf9e2fa02402f06abd4d790e920146da60b
SHA256: 6ad75992217a3b28bc5fe875016f8d13d83ac56730022b03341afb478179bbfa
SHA512: ca1d331175bd172811c255e98badd8244397b048454e736a94b4e2fd0cca4ab3455c3603a5953c3e26cec7493fdf23099126cd2808102c61d599d01d0ddc358e
SSDEEP: 98304:dBb0vjPesuu2bphf6mXUljWBFAn29uzvBknCLpNoSm0fy5nq:/bATunfZXU9WB/9uzKny0q
Malware Config
Targets
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Suspicious use of NtSetInformationThreadHideFromDebugger