General
- Target: 6654274FD3AED9024394EF8657461B9D.exe
- Size: 7.4MB
- Sample: 210620-y5yt39axs2
- MD5: 6654274fd3aed9024394ef8657461b9d
- SHA1: cc3941cbc1baac94c8e91d07756ee37ab4b7b9fa
- SHA256: 130aab0a401cfce6e038d6d9f2bf1d94588a92c04c9b27a67f7a00c6a1413491
- SHA512: f783c4cef5077b89b3e384415695e8c6adda4edf3f15b0fede37b93cf156d0021cb381a52425d3110549ce915e614925eba5c28d7e47c30e2bbe673a9f35a5a6
Static task: static1
Behavioral task: behavioral1
- Sample: 6654274FD3AED9024394EF8657461B9D.exe
- Resource: win7v20210408
Malware Config
Targets
- Target: 6654274FD3AED9024394EF8657461B9D.exe
- Size: 7.4MB
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger