General
Target: Loader.exe
Size: 12.2MB
Sample: 240701-dnxvaavalh
MD5: de29ac4da4a6babe3fa0b95a55bb08ad
SHA1: ff797ebfe3286018de4998df6e40f77d32106942
SHA256: 611fbb3467b28360f80f5e36424908d0c3ec2f94044778820b5a7f7cddb86549
SHA512: 25a098c8220f6f601b652e28408b069260b4922834d33bb99f99654f8e0042a5fd99b9a90b19ae0c17f6c9863f45debb4d227a7ae23162fff02bfea576673212
SSDEEP: 196608:FPqOeo716XtLQaRKtL62KhzJ07rHHcm6Cq4UZ+9jF6t7fAGmbMaev:YONhbaRKx6tULcm6OUZ+FuAAPv
Static task: static1
Behavioral task: behavioral1
  Sample: Loader.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: Loader.exe
  Resource: win10v2004-20240611-en
Malware Config
Targets
Target: Loader.exe
Size: 12.2MB
MD5: de29ac4da4a6babe3fa0b95a55bb08ad
SHA1: ff797ebfe3286018de4998df6e40f77d32106942
SHA256: 611fbb3467b28360f80f5e36424908d0c3ec2f94044778820b5a7f7cddb86549
SHA512: 25a098c8220f6f601b652e28408b069260b4922834d33bb99f99654f8e0042a5fd99b9a90b19ae0c17f6c9863f45debb4d227a7ae23162fff02bfea576673212
SSDEEP: 196608:FPqOeo716XtLQaRKtL62KhzJ07rHHcm6Cq4UZ+9jF6t7fAGmbMaev:YONhbaRKx6tULcm6OUZ+FuAAPv
Score: 9/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger