General
- Target: 41159a4fa73969a811b4490345ca4a7d1cb0fa7ccca12f14d67cf7a74b05e147
- Size: 2.7MB
- Sample: 211203-awxmpsdbbk
- MD5: 9e7838d0ec3add8fde66e4fee5d19b41
- SHA1: e37263969a2b47bf21afb51a4b6c23d95de61eed
- SHA256: 41159a4fa73969a811b4490345ca4a7d1cb0fa7ccca12f14d67cf7a74b05e147
- SHA512: 77970c54dd5601227b66710503c7367a6cd15fcf6502ac316d0fd8c0dba1182b1890c04de93b969e76b80d03f7c7ffbb16873e28f2bd5b44945949983389980a
Static task: static1
Malware Config
Targets
- Target: 41159a4fa73969a811b4490345ca4a7d1cb0fa7ccca12f14d67cf7a74b05e147 (2.7MB; same MD5, SHA1, SHA256 and SHA512 as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger