General
- Target: ng.exe
- Size: 12.7MB
- Sample: 210929-vwbepafdb9
- MD5: eda4c21601bf5c4d0579754751f9074f
- SHA1: bb4a49af4c6db9c05f4a0669990ec0a2228ba4dd
- SHA256: 27441ba3afdfa5c03c1c289f0bea619e7a542a67a0562a284b8f4b3de17bc1a7
- SHA512: e29a98365f7af43416040a359054864b7bc4e7cca885f9d8525ff33bb3b2698c0bf89627426a2591c9f4737e50bfc45db6ea9944d8c1eb93e944a8431e09b2ed
- Static task: static1
Malware Config
Targets
- Target: ng.exe (12.7MB; hashes as listed under General)
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger