General
-
Target
d5e1b1e2d4448b7af40c177a7cff819b
-
Size
2.6MB
-
Sample
211020-y292zsadgr
-
MD5
d5e1b1e2d4448b7af40c177a7cff819b
-
SHA1
817d6dad304cb1f909f78fb781c0a65e249757da
-
SHA256
e1112f66b7011fac9214d3db1c2928c6b402dbbd3ae89e83a15f2cef45f309aa
-
SHA512
bcda29e31f5596ac15ee0c7428821a4aeaeb85c11db58612958bc725816806fc764016dc92db39fc95e7328461bb78612cb9d29e04d06c6937fafbb032217f5b
Static task
static1
Behavioral task
behavioral1
Sample
d5e1b1e2d4448b7af40c177a7cff819b.exe
Resource
win7-en-20210920
Malware Config
Targets
-
-
Target
d5e1b1e2d4448b7af40c177a7cff819b
-
Size
2.6MB
-
MD5
d5e1b1e2d4448b7af40c177a7cff819b
-
SHA1
817d6dad304cb1f909f78fb781c0a65e249757da
-
SHA256
e1112f66b7011fac9214d3db1c2928c6b402dbbd3ae89e83a15f2cef45f309aa
-
SHA512
bcda29e31f5596ac15ee0c7428821a4aeaeb85c11db58612958bc725816806fc764016dc92db39fc95e7328461bb78612cb9d29e04d06c6937fafbb032217f5b
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-