General

Target: 8fd56b6131390d2d8c7ccb008304aa74
Size: 2.6MB
Sample: 210926-q5tv6sehf3
MD5: 8fd56b6131390d2d8c7ccb008304aa74
SHA1: 4042cfb3aacfcc899c1753b4bb3d7e692219e6f0
SHA256: b0586fab8481d6a24fa8b4213a3eb6b38d88945815e53802f36e30cd0f92b1df
SHA512: 8750fc17cce5fbbf1b9fd3519ea602ac387a28d1cf5b2fe95eab463374215c5f2f2ca951aaa05180569f546349bd56ef23ac6a47c5946eedfb0a57636f58fd4e
Static task: static1
Behavioral task: behavioral1
Sample: 8fd56b6131390d2d8c7ccb008304aa74.exe
Resource: win7v20210408
Malware Config
Targets

Target: 8fd56b6131390d2d8c7ccb008304aa74
Size: 2.6MB
MD5: 8fd56b6131390d2d8c7ccb008304aa74
SHA1: 4042cfb3aacfcc899c1753b4bb3d7e692219e6f0
SHA256: b0586fab8481d6a24fa8b4213a3eb6b38d88945815e53802f36e30cd0f92b1df
SHA512: 8750fc17cce5fbbf1b9fd3519ea602ac387a28d1cf5b2fe95eab463374215c5f2f2ca951aaa05180569f546349bd56ef23ac6a47c5946eedfb0a57636f58fd4e
Signatures

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose ACPI tables carrying the OEM ID VBOX__ under HKLM\HARDWARE\ACPI; reading those keys is a common hypervisor check.
- Checks BIOS information in registry
  BIOS information (HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger information class; a thread marked this way no longer delivers debug events to an attached debugger, a common anti-debugging technique.
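The signatures above are all derived from API and registry activity in the behavioral trace. The following is an added example, not part of this report or of the sandbox's own detection engine, showing how such a trace can be classified into these signature names and collapsed into triage tags. The trace lines are constructed for illustration and are not this sample's real trace; the registry paths and the ThreadHideFromDebugger class value (0x11) are the well-known ones, while the rule names, tags and regexes are this example's own assumptions.

```python
"""Classify sandbox trace lines into the behavioural signatures listed above.

Added example; TRACE is constructed and is NOT the real trace of this sample.
"""
import re
from collections import defaultdict

# Constructed trace in an "API  argument" shape (not this sample's real trace).
TRACE = r"""
RegOpenKeyExW  HKLM\HARDWARE\ACPI\DSDT\VBOX__
RegQueryValueExW  HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
RegQueryValueExW  HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
RegEnumKeyExW  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
RegEnumKeyExW  HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
NtCreateFile  C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet
NtCreateFile  C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco
NtSetInformationThread  ThreadInformationClass=0x11 (ThreadHideFromDebugger)
NtCreateFile  C:\Users\user\Documents\report.docx
""".strip()

# (signature name as the report words it, triage tag, pattern over the line).
# Tags and patterns are this example's assumptions, not the sandbox's rules.
RULES = [
    ("Identifies VirtualBox via ACPI registry values", "anti-vm",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry", "anti-vm",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\"
                r"(BIOS\\|SystemBiosVersion|SystemBiosDate|VideoBiosVersion)", re.I)),
    ("Checks installed software on the system", "recon",
     re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Accesses cryptocurrency files/wallets", "credential-harvesting",
     re.compile(r"\\(Electrum|Exodus|Bitcoin|Ethereum|Litecoin|Armory|Jaxx)\\", re.I)),
    # ThreadHideFromDebugger is THREADINFOCLASS 0x11; match either spelling.
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", "anti-debug",
     re.compile(r"^NtSetInformationThread\b.*\b(0x11|ThreadHideFromDebugger)\b", re.I)),
]


def classify(trace):
    """Return {signature name: [matching trace lines]} for every rule that fired."""
    hits = defaultdict(list)
    for line in trace.splitlines():
        line = line.strip()
        if not line:
            continue
        for name, _tag, rx in RULES:
            if rx.search(line):
                hits[name].append(line)
    return dict(hits)


def tags(hits):
    """Collapse fired signatures into the sorted set of triage tags."""
    return sorted({tag for name, tag, _ in RULES if name in hits})


def verdict(trace):
    """'evasive' when any anti-analysis (VM or debugger) check fired."""
    fired = set(tags(classify(trace)))
    return "evasive" if fired & {"anti-vm", "anti-debug"} else "no-evasion"


if __name__ == "__main__":
    result = classify(TRACE)
    for name, lines in result.items():
        print(f"{name} ({len(lines)} event(s))")
        for line in lines:
            print("   ", line)
    print("tags:", ", ".join(tags(result)))
    print("verdict:", verdict(TRACE))
```

Each rule keys on the registry path or API argument rather than on the API name alone, so an unrelated RegQueryValueExW call (or the benign NtCreateFile on report.docx in the constructed trace) produces no hit; in a real pipeline the same rules would be run over the sandbox's exported API log instead of the embedded string.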