General
Target: SecuriteInfo.com.Variant.Bulz.362300.21634.21593
Size: 3.9MB
Sample: 210225-jjtkwcrx9e
MD5: 85a3f8f22ec1bbf032820b51c354d912
SHA1: 97025304010fd4453a8b69bc0830e21ebcabcb1d
SHA256: 02afc67fc961203f4809101aeb60ef5553b6b2b3f142e39f80ba3f9e64f52704
SHA512: 15d69745420596b5870f5214d279e4120e1a2685c7dc06de1a3f86bac80ffad004c32bffc34f25aacc5a93a2f74ae7b1f8eed0426cacba99e6f99b1a821e9df9
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Bulz.362300.21634.21593.dll
Resource: win7v20201028
Malware Config
Extracted: icedid
3092683670
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger