General
Target: cf92a854dea1fb28cb12c47f6b5d595b
Size: 3.0MB
Sample: 211022-dcqxlabaf3
MD5: cf92a854dea1fb28cb12c47f6b5d595b
SHA1: b6105811b820151e0fb27c76d73a0353eb38c124
SHA256: 7495bb8e7260acdc5822cabc7c2c17d54655eee8efbc0bc4887e040fb4b7dc64
SHA512: 34076d78d0d5257238645d3dca95938ae760bba059eca663910b95ee78e3426aca2f34b319c8fdafb4d96eee765391e177db0b6d1068774518d5f7e385ed817c
Static task: static1
Behavioral task: behavioral1
Sample: cf92a854dea1fb28cb12c47f6b5d595b.exe
Resource: win7-en-20211014
Malware Config
Targets
Target: cf92a854dea1fb28cb12c47f6b5d595b
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Suspicious use of NtSetInformationThreadHideFromDebugger