General
-
Target
MW2019_VIP.exe
-
Size
5.5MB
-
Sample
240701-bw2gbsscja
-
MD5
19595e158228641282d88264642899eb
-
SHA1
99ab466acb14b66d19711984c74884fa62021dc1
-
SHA256
2156b5680ac6d329f93bbe7993a2acd725b6abb53ae0e4b4ea76ec41176c4627
-
SHA512
60b77bee0bc6097c546523e79c367241cb733f4b90b00b77b0c5262893fe7102adf17eefe4b7289baafee6bfc3a5f4b7a59dd8850a12142628e11496b10883be
-
SSDEEP
98304:buvioI5S9jWCQx4+HS1nLn9BmJbTB3NKfjlSwd3O0qa:buvisjFieLn9INofjlndf
Behavioral task
behavioral1
Sample
MW2019_VIP.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
MW2019_VIP.exe
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
MW2019_VIP.exe
-
Size
5.5MB
-
MD5
19595e158228641282d88264642899eb
-
SHA1
99ab466acb14b66d19711984c74884fa62021dc1
-
SHA256
2156b5680ac6d329f93bbe7993a2acd725b6abb53ae0e4b4ea76ec41176c4627
-
SHA512
60b77bee0bc6097c546523e79c367241cb733f4b90b00b77b0c5262893fe7102adf17eefe4b7289baafee6bfc3a5f4b7a59dd8850a12142628e11496b10883be
-
SSDEEP
98304:buvioI5S9jWCQx4+HS1nLn9BmJbTB3NKfjlSwd3O0qa:buvisjFieLn9INofjlndf
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Modifies boot configuration data using bcdedit
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-