General
-
Target
dotEXE1.exe
-
Size
5.3MB
-
Sample
201125-vc26g49gha
-
MD5
d8e3e53d1eb7b3cc029ccd1b4af18aaa
-
SHA1
3e3057d6e140a8c7b29929b3982f3f27692635f6
-
SHA256
9811501a32c5d39dfccc30ada4c5538602a53b94d19ba0d6323c830f8234d27c
-
SHA512
5f55b1a3de85d5d298ce2fe8915b0bc9918f3f0f9758180028dd89ac0b3913a369530eb8e520cffb35eebb46db583325f65a4d070751b7fd4b8022e9b697e667
Static task
static1
Behavioral task
behavioral1
Sample
dotEXE1.exe
Resource
win10v20201028
Behavioral task
behavioral2
Sample
dotEXE1.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
dotEXE1.exe
-
Size
5.3MB
-
MD5
d8e3e53d1eb7b3cc029ccd1b4af18aaa
-
SHA1
3e3057d6e140a8c7b29929b3982f3f27692635f6
-
SHA256
9811501a32c5d39dfccc30ada4c5538602a53b94d19ba0d6323c830f8234d27c
-
SHA512
5f55b1a3de85d5d298ce2fe8915b0bc9918f3f0f9758180028dd89ac0b3913a369530eb8e520cffb35eebb46db583325f65a4d070751b7fd4b8022e9b697e667
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-