General
-
Target
efea847e29187c87fa162bb8abf60ebe811f37e239ab6686818b53d08d7c2679
-
Size
10.8MB
-
Sample
240701-e4vkjaweqa
-
MD5
b1a2d6b1d05ffd2ca1724df174da486f
-
SHA1
0d74a7c916fc4ee151873bbcc0028ad0a711b97b
-
SHA256
efea847e29187c87fa162bb8abf60ebe811f37e239ab6686818b53d08d7c2679
-
SHA512
4e0e494d2c3227905b6561a26b512d63acb4a12a609b6ce3004cdb687fcf0ad66d3544e99dc6a9f2e5a6dce7c393d0acd1e942500d57a25de173427a344a1185
-
SSDEEP
196608:CLa6/bEEtnhwf1aDBjuiqzfyXLqkyuU4kPlyj7XFEg/BFU9vI9DMdAQCaCT0BG0E:CBbNSf1athqLyXvyuUc7VZ/5MdSNdF
Static task
static1
Behavioral task
behavioral1
Sample
efea847e29187c87fa162bb8abf60ebe811f37e239ab6686818b53d08d7c2679.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
efea847e29187c87fa162bb8abf60ebe811f37e239ab6686818b53d08d7c2679.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
efea847e29187c87fa162bb8abf60ebe811f37e239ab6686818b53d08d7c2679
-
Size
10.8MB
-
MD5
b1a2d6b1d05ffd2ca1724df174da486f
-
SHA1
0d74a7c916fc4ee151873bbcc0028ad0a711b97b
-
SHA256
efea847e29187c87fa162bb8abf60ebe811f37e239ab6686818b53d08d7c2679
-
SHA512
4e0e494d2c3227905b6561a26b512d63acb4a12a609b6ce3004cdb687fcf0ad66d3544e99dc6a9f2e5a6dce7c393d0acd1e942500d57a25de173427a344a1185
-
SSDEEP
196608:CLa6/bEEtnhwf1aDBjuiqzfyXLqkyuU4kPlyj7XFEg/BFU9vI9DMdAQCaCT0BG0E:CBbNSf1athqLyXvyuUc7VZ/5MdSNdF
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-