General
- Target: FrkarR.exe
- Size: 6.8MB
- Sample: 210727-7ddscz711n
- MD5: f86cfbbb6316becace4efae11cdfd424
- SHA1: 9a27c693283aa2c9d91cb3a40e1bf392c3d42d51
- SHA256: d54358095f37e6a9786a5a8997a5d591a015934acefb9da85f79705d81ccdc6f
- SHA512: f0b27d490f5a9ee19a055c62995de035a81754d1201912c4e18a3e1b8a96b98df7395f4a12e7c3654cdade406480a51c3dd08cb2a8ee067a67655b017b0f187c
Static task: static1
Malware Config
Targets
- Target: FrkarR.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger