General
- Target: a2b79e78e5be2b62bb07a730318334eacea599ad356a58820ade052330df6777
- Size: 26.6MB
- Sample: 211025-nf17vaghgk
- MD5: 177b8cd36932b0da6be4b5d52008e76f
- SHA1: 40c00016929abbf4f05984c9e3631b2c2020f004
- SHA256: a2b79e78e5be2b62bb07a730318334eacea599ad356a58820ade052330df6777
- SHA512: bbbf62106ae161e5b5d54b45b3ea24809cc55c2207c77c9e6a46152a67fbd0d59aac2c9853305894490ff15e72e26d801f4be077fdfb9ffce2264e4c8e47333e
Static task: static1
Malware Config
Targets
- Target: a2b79e78e5be2b62bb07a730318334eacea599ad356a58820ade052330df6777
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner Payload
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext