General
- Target: 8725e5ff2dde91cb1a5424ddeea253b3f3e1b59b46ac3142c22ad5ccd4e22914
- Size: 3.5MB
- Sample: 211021-z4dbgabfek
- MD5: 7d4a4b1e6c40323bb0c3c86da4c185d5
- SHA1: 43e649e0537be8052ecddac525f860c304ca5c8f
- SHA256: 8725e5ff2dde91cb1a5424ddeea253b3f3e1b59b46ac3142c22ad5ccd4e22914
- SHA512: 5e92aa291ec956086a7ddf7cc3b037d2c4e7fbc8415ff2c52d772252b76ef4a3a19c4b913e419540a10dfcef7994770928b568f3fc40c74842d49782bba1e443
Static task: static1
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Suspicious use of NtSetInformationThreadHideFromDebugger