General
- Target: 9d1173da73c0acb7741ffba92279ab6a
- Size: 2.9MB
- Sample: 211019-259geahdaq
- MD5: 9d1173da73c0acb7741ffba92279ab6a
- SHA1: 2bc0e346e0fa9563cca40195210a852881039bd5
- SHA256: dd0e0ef381ebf5ed85199ab70c03539df2c09c6cd3dc7e3a2771ecd492ceeb25
- SHA512: a44ae714cb84e8c03697c4676458ebe68616d4a7c8520506b9db4cba2882242273dedb6e23674af1bfb7317b5bb3b559658c685f5eb2517cb06f22e7375007dc
Static task: static1
Behavioral task: behavioral1
- Sample: 9d1173da73c0acb7741ffba92279ab6a.exe
- Resource: win7-en-20210920
Malware Config
Targets
- Target: 9d1173da73c0acb7741ffba92279ab6a
- Size: 2.9MB
- MD5: 9d1173da73c0acb7741ffba92279ab6a
- SHA1: 2bc0e346e0fa9563cca40195210a852881039bd5
- SHA256: dd0e0ef381ebf5ed85199ab70c03539df2c09c6cd3dc7e3a2771ecd492ceeb25
- SHA512: a44ae714cb84e8c03697c4676458ebe68616d4a7c8520506b9db4cba2882242273dedb6e23674af1bfb7317b5bb3b559658c685f5eb2517cb06f22e7375007dc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  Reads ACPI table entries that Windows mirrors under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT). On a VirtualBox guest these keys carry the VirtualBox OEM ID (VBOX__), so a match is a cheap way for the sample to decide it is being analysed and change behaviour.
- Checks BIOS information in registry
  BIOS version and date strings live under HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion). They are often read to detect sandboxing environments, because hypervisor vendors leave recognisable strings there unless the analysis VM has been hardened.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  Opens files in the locations used by desktop wallet software. File access alone does not prove theft; confirm with the file reads and any outbound network traffic in the behavioural log before calling this a stealer.
- Checks installed software on the system
  Looks up entries under the Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) in the registry to enumerate software on the system. This serves both host fingerprinting and detection of analysis tools or security products.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the thread from delivering debug events to an attached debugger. Legitimate software rarely needs this; when debugging such a sample, the call must be intercepted (hooked or patched) before it runs.
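The five signatures above are what a sandbox produces by matching raw behavioural events (registry reads, file opens, native API calls) against locations known to be used for anti-analysis and harvesting. The Python below is an added example, not part of this report or of the sandbox's own code: it classifies a set of constructed events into the same categories so the logic behind each signature is visible. The registry and wallet paths it matches are the conventional locations of these checks, not the specific keys and files this sample touched, which the report does not list; the event field names are an assumption.

```python
import re

# Signature names follow the report's wording. The patterns are the
# conventional locations these checks read (general knowledge), not the
# sample's actual reads, which the report does not enumerate.
SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values": re.compile(
        r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    "Checks BIOS information in registry": re.compile(
        r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
        r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I),
    "Checks installed software on the system": re.compile(
        r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion"
        r"\\Uninstall(\\|$)", re.I),
    "Accesses cryptocurrency files/wallets": re.compile(
        r"\\AppData\\Roaming\\(Bitcoin\\wallet\.dat|Electrum\\wallets\\|"
        r"Exodus\\exodus\.wallet)", re.I),
}

# THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed sample events in an assumed log shape (type/path or type/name/args).
EVENTS = [
    {"type": "registry", "op": "read",
     "path": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__\VBOXBIOS\00000002"},
    {"type": "registry", "op": "read",
     "path": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"type": "registry", "op": "read",
     "path": r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"},
    {"type": "registry", "op": "enum",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"type": "file", "op": "open",
     "path": r"C:\Users\Admin\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"type": "file", "op": "open",
     "path": r"C:\Users\Admin\AppData\Roaming\Bitcoin\wallet.dat"},
    {"type": "api", "name": "NtSetInformationThread",
     "args": {"ThreadInformationClass": THREAD_HIDE_FROM_DEBUGGER}},
    # Benign noise: a priority change (class 2) and an ordinary Run-key read.
    {"type": "api", "name": "NtSetInformationThread",
     "args": {"ThreadInformationClass": 2}},
    {"type": "registry", "op": "read",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
]


def match_event(event):
    """Return the signature name an event triggers, or None if it is noise."""
    if event["type"] in ("registry", "file"):
        for name, pattern in SIGNATURES.items():
            if pattern.search(event["path"]):
                return name
        return None
    if event["type"] == "api" and event["name"] == "NtSetInformationThread":
        cls = event["args"].get("ThreadInformationClass")
        if cls == THREAD_HIDE_FROM_DEBUGGER:
            return "Suspicious use of NtSetInformationThreadHideFromDebugger"
    return None


def triage(events):
    """Map each fired signature to the events that triggered it."""
    hits = {}
    for ev in events:
        name = match_event(ev)
        if name is not None:
            hits.setdefault(name, []).append(ev)
    return hits


def anti_analysis_score(events):
    """Count distinct evasion signatures (VM, BIOS, debugger) that fired."""
    evasion = {
        "Identifies VirtualBox via ACPI registry values",
        "Checks BIOS information in registry",
        "Suspicious use of NtSetInformationThreadHideFromDebugger",
    }
    return len(evasion & set(triage(events)))


if __name__ == "__main__":
    for name, evs in triage(EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
    print("evasion signatures:", anti_analysis_score(EVENTS))
```

The benign NtSetInformationThread call with class 2 (ThreadPriority) and the HKCU Run-key read fall through as noise, which is the point of keying the debugger signature on the information class rather than on the API name alone.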