General
Target: bdd0e56f940036b718551617c496fcd0.exe
Size: 4.4MB
Sample: 210216-cr1kzh72ex
MD5: bdd0e56f940036b718551617c496fcd0
SHA1: a33ec1f933601d87ee96df839fb498076d0a9f20
SHA256: 7499c45e246fe759ff4180bd864252689b1cbadc7825d007c7e25aa39c6a4450
SHA512: 0b9abc49c1b4c294a444a3a680904d578836b756aecad52461316585d032423ff6de3294a547345bd6070b324c797c9fb4e41b5f51d527c1246dbfc9f09bcc7c
Behavioral task
behavioral1
Sample: bdd0e56f940036b718551617c496fcd0.exe
Resource: win7v20201028
Malware Config
Targets
Target: bdd0e56f940036b718551617c496fcd0.exe
Size: 4.4MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger