General
Target: 47e2b9d18762b81536a9a236a382302f9fcb3114e3723a2e90277b903448b536
Size: 4.9MB
Sample: 211202-xs49psbdaj
MD5: 7b7cfe46454f0f7a9c046636eb66dda0
SHA1: 9ef56977d9b96e81e42f94ef29b144698685e5d3
SHA256: 47e2b9d18762b81536a9a236a382302f9fcb3114e3723a2e90277b903448b536
SHA512: 28e5b8eca9048855829528d8e235e52168588c247e036acae791927b9f703394975c38dedcc01a6bdfcefdd1e580d882d97f6eec3a6983c1b21fb4a04cdd0cfd
Static task
static1
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger