General

Target: 7d4a4b1e6c40323bb0c3c86da4c185d5
Size: 3.5MB
Sample: 211021-yx9wesafg5
MD5: 7d4a4b1e6c40323bb0c3c86da4c185d5
SHA1: 43e649e0537be8052ecddac525f860c304ca5c8f
SHA256: 8725e5ff2dde91cb1a5424ddeea253b3f3e1b59b46ac3142c22ad5ccd4e22914
SHA512: 5e92aa291ec956086a7ddf7cc3b037d2c4e7fbc8415ff2c52d772252b76ef4a3a19c4b913e419540a10dfcef7994770928b568f3fc40c74842d49782bba1e443

Static task: static1
Behavioral task: behavioral1
Sample: 7d4a4b1e6c40323bb0c3c86da4c185d5.exe
Resource: win7-en-20210920
Malware Config
Targets

Target: 7d4a4b1e6c40323bb0c3c86da4c185d5
Size: 3.5MB
MD5: 7d4a4b1e6c40323bb0c3c86da4c185d5
SHA1: 43e649e0537be8052ecddac525f860c304ca5c8f
SHA256: 8725e5ff2dde91cb1a5424ddeea253b3f3e1b59b46ac3142c22ad5ccd4e22914
SHA512: 5e92aa291ec956086a7ddf7cc3b037d2c4e7fbc8415ff2c52d772252b76ef4a3a19c4b913e419540a10dfcef7994770928b568f3fc40c74842d49782bba1e443
Signatures

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandbox and virtual-machine environments.
- Drops startup file
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
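The two registry-based signatures above (ACPI table values, BIOS information) are the checks an analyst most often has to neutralise on a sandbox or analysis VM. The script below is an added example, not code from this report or from the sample: it audits a Windows guest for the registry strings that such checks typically look for and reports which hypervisor they reveal. The key paths, value names and marker strings are assumptions about typical anti-VM checks; the report does not state which keys this sample actually read. The two input dictionaries are constructed, not captured data.

```python
"""Audit an analysis VM for registry artifacts that VirtualBox/BIOS anti-VM checks read.

Added example, not part of the sandbox report. Key paths, value names and marker
strings are assumptions about what such checks typically query.
"""
import re

# Value names under HKLM that commonly carry hypervisor strings (assumed).
VALUE_PATHS = {
    r"HARDWARE\DESCRIPTION\System": ["SystemBiosVersion", "VideoBiosVersion"],
    r"HARDWARE\DESCRIPTION\System\BIOS": ["SystemManufacturer", "SystemProductName", "BIOSVendor"],
}
# ACPI table keys whose subkey names are the table OEM ID (VBOX__ on a stock VirtualBox guest).
ACPI_TABLE_PATHS = [r"HARDWARE\ACPI\DSDT", r"HARDWARE\ACPI\FADT", r"HARDWARE\ACPI\RSDT"]

# Marker patterns per hypervisor family (assumed typical vendor strings).
VM_MARKERS = {
    "VirtualBox": re.compile(r"vbox|virtualbox|innotek", re.I),
    "VMware": re.compile(r"vmware", re.I),
    "QEMU/Bochs": re.compile(r"qemu|bochs", re.I),
}


def classify(artifacts):
    """Map {registry location: string value} to a sorted list of (location, family) hits."""
    hits = []
    for location, value in artifacts.items():
        for family, pattern in VM_MARKERS.items():
            if pattern.search(value):
                hits.append((location, family))
    return sorted(hits)


def families(artifacts):
    """Distinct hypervisor families revealed by the artifacts."""
    return sorted({family for _, family in classify(artifacts)})


def collect_from_registry():
    """Gather the same artifacts from the live registry. Windows only (uses winreg)."""
    import winreg
    hklm = winreg.HKEY_LOCAL_MACHINE
    found = {}
    for path, names in VALUE_PATHS.items():
        try:
            with winreg.OpenKey(hklm, path) as key:
                for name in names:
                    try:
                        data, _ = winreg.QueryValueEx(key, name)
                    except OSError:
                        continue
                    if isinstance(data, list):  # REG_MULTI_SZ comes back as a list
                        data = " ".join(data)
                    found[path + "\\" + name] = str(data)
        except OSError:
            continue
    for path in ACPI_TABLE_PATHS:
        try:
            with winreg.OpenKey(hklm, path) as key:
                index = 0
                while True:
                    try:
                        oem_id = winreg.EnumKey(key, index)
                    except OSError:  # no more subkeys
                        break
                    found[path + "\\" + oem_id] = oem_id
                    index += 1
        except OSError:
            continue
    return found


# Constructed sample: what a stock VirtualBox Windows guest exposes (not captured data).
STOCK_VIRTUALBOX = {
    r"HARDWARE\DESCRIPTION\System\SystemBiosVersion": "VBOX   - 1",
    r"HARDWARE\DESCRIPTION\System\VideoBiosVersion": "Oracle VM VirtualBox Version 6.1.26",
    r"HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer": "innotek GmbH",
    r"HARDWARE\DESCRIPTION\System\BIOS\SystemProductName": "VirtualBox",
    r"HARDWARE\ACPI\DSDT\VBOX__": "VBOX__",
    r"HARDWARE\ACPI\FADT\VBOX__": "VBOX__",
}

# Constructed sample: the same guest after the strings were replaced with vendor-like ones.
HARDENED_GUEST = {
    r"HARDWARE\DESCRIPTION\System\SystemBiosVersion": "DELL   - 1072009",
    r"HARDWARE\DESCRIPTION\System\VideoBiosVersion": "Intel Video BIOS",
    r"HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer": "Dell Inc.",
    r"HARDWARE\DESCRIPTION\System\BIOS\SystemProductName": "OptiPlex 7080",
    r"HARDWARE\ACPI\DSDT\DELL__": "DELL__",
    r"HARDWARE\ACPI\FADT\DELL__": "DELL__",
}

if __name__ == "__main__":
    import sys
    artifacts = collect_from_registry() if sys.platform == "win32" else STOCK_VIRTUALBOX
    for location, family in classify(artifacts):
        print(f"{family:<10} {location}")
    print("families revealed:", families(artifacts) or "none")
```

On the constructed stock guest every one of the six locations is flagged as VirtualBox; on the hardened guest none is. The ACPI subkey names correspond to the "Identifies VirtualBox via ACPI registry values" signature and the DESCRIPTION\System values to "Checks BIOS information in registry". Registry reads of this kind do not produce Sysmon events (its registry events cover key creation, value writes and renames), so sandboxes catch them by API hooking rather than by log review, and the practical response on an analysis VM is to replace these strings before detonation.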