General
Target: mixshop_20210917-170754
Size: 2.4MB
Sample: 210926-nxm2jseffn
MD5: 6622c18788c9acec66f7d61126deb006
SHA1: 3c2130f970f2a55ebe4b2a68672d1f5005c3988e
SHA256: bb3f24a3e0fa7b765468ffd3ada047a23212200dd166e66df7a36075ad0dd2f2
SHA512: f0df854d399e4bf95fe0455ab439ed334a0929b8b0e31f374e99ef810c9ccd279fbfdbf6002bb3713df4c4476c490133cd3fad20aa8fb6ee4732e6fff8cd16d3
Static task: static1
Behavioral task: behavioral1
Sample: mixshop_20210917-170754.exe
Resource: win7-en-20210920
Malware Config
Targets
Target: mixshop_20210917-170754
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger