General
- Target: 59619d957fc88a2c7f7e7b6abcd25e3311f81e55a51d8cf2af5d975a1e36a4f0
- Size: 2.5MB
- Sample: 210926-nkh7tsegc3
- MD5: 9e1f914ae1dca0a8c42f5cf0df19d98f
- SHA1: 548574f8717f27d94e1534418e0452538aa621fb
- SHA256: 59619d957fc88a2c7f7e7b6abcd25e3311f81e55a51d8cf2af5d975a1e36a4f0
- SHA512: 3639db1433428ff8c0ca4d0e79dd5542d96f305f966f65ea97d48509e555ac5028a4021521e8659b35bbe5c4c6d35551d2badc924f0d6c9864d422b88363f995
Static task: static1
Malware Config
Targets
- Target: 59619d957fc88a2c7f7e7b6abcd25e3311f81e55a51d8cf2af5d975a1e36a4f0 (2.5MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger