General
- Target: SecuriteInfo.com.Variant.Razy.463744.1299.18235
- Size: 2.6MB
- Sample: 201109-tanx51twte
- MD5: 9f1331b4968f26255e5331cb003ff25d
- SHA1: 457e69a75a56bc9dfd414ea7aa52b732396a463d
- SHA256: fdf5f9635c047cde3c096139490f3462d03434986b1450ca5f01be74e1f5b559
- SHA512: 34a8d5fa280cef867eaef5a1b6f5df4e477476ed046ef105fee42a43e15d395576072aa148ffd31805451849ca3e309316caf145a641745c25bdab2591824267
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Variant.Razy.463744.1299.18235.exe
- Resource: win7v20201028
Malware Config
Targets
- Target: SecuriteInfo.com.Variant.Razy.463744.1299.18235
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger