General
Target: PoseidonLauncher.exe
Size: 8.3MB
Sample: 240701-kv1m3swckk
MD5: 91aaaee1088d91dbdfa7b23d193a109b
SHA1: bdc48c9b638d15b57129ff117a1e511d004ceb4e
SHA256: 678a370883ea9cf60d38dfd823626bf128b492e9047fee5c47d751d47a436cf9
SHA512: 5ea1765d8e268aa1781f86d0f52b3f7881439bb4059d6867eaa20e2b90c00404c56a1edb99cd2b9fe30a45cc6f5858c5d2928777931dc16381be4f3744564044
SSDEEP: 196608:kqooqrJcryUqW3b1KJg/ZJmpQi4NmpNYZ4OWCwBUpZRQ:kLoqdpkIJuJmpQiImOUBSw
Malware Config
Targets
Target: PoseidonLauncher.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger