General
Target: SimpleToolZ.exe
Size: 56.5MB
Sample: 240701-dn49csvamf
MD5: d096ccc62bc5ca43fdaecdeb60579aaf
SHA1: ec7ea18a482a749f7d0c02a3e7c0c695ce28b74e
SHA256: b8b9a275dd7074b5169977ea5e71d0399845e88408d94b71878a7950d926c316
SHA512: 006bd3eca1a2d6b16ffd1cb46e0066756eb57abb9b618454a186b1d1fd237bfed23c0bfe197ada61520a9d5e98b2bf360beb528a46687ae5e3c9da60ccd923b2
SSDEEP: 1572864:amKm5eNXA90p2N+iUgK1EEZBplhSwPTMSnhXQYoeQBPd:t5ec6C+imvrM0QYoeu1
Static task: static1
Behavioral task: behavioral1
Sample: SimpleToolZ.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: SimpleToolZ.exe
Size: 56.5MB
MD5: d096ccc62bc5ca43fdaecdeb60579aaf
SHA1: ec7ea18a482a749f7d0c02a3e7c0c695ce28b74e
SHA256: b8b9a275dd7074b5169977ea5e71d0399845e88408d94b71878a7950d926c316
SHA512: 006bd3eca1a2d6b16ffd1cb46e0066756eb57abb9b618454a186b1d1fd237bfed23c0bfe197ada61520a9d5e98b2bf360beb528a46687ae5e3c9da60ccd923b2
SSDEEP: 1572864:amKm5eNXA90p2N+iUgK1EEZBplhSwPTMSnhXQYoeQBPd:t5ec6C+imvrM0QYoeu1
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Creates new service(s)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Power Settings: powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Suspicious use of NtSetInformationThreadHideFromDebugger