General
-
Target
aInjector Win64_x32.exe
-
Size
4.0MB
-
Sample
211205-2z4zqsfgg8
-
MD5
0633e40fa1f37b748cf61f04dba96445
-
SHA1
0710b691613be0f6ccf54f8e0bb4d8d7cf3c930c
-
SHA256
5781173908ae9208be64f02dd0e5cc0dc6ed0d98b16ae577b560b95cc136cb3d
-
SHA512
ffd608a67b60d2e02edf9e5090e18e9e0568846e10db66a7b0ce5ce8414acf19c4aa82b7dcab5c9a9fd341ff4e194df4938d8ce3cf5e9bb18040d7aa9a00ab94
Static task
static1
Behavioral task
behavioral1
Sample
aInjector Win64_x32.exe
Resource
win7-en-20211104
Malware Config
Targets
-
-
Target
aInjector Win64_x32.exe
-
Size
4.0MB
-
MD5
0633e40fa1f37b748cf61f04dba96445
-
SHA1
0710b691613be0f6ccf54f8e0bb4d8d7cf3c930c
-
SHA256
5781173908ae9208be64f02dd0e5cc0dc6ed0d98b16ae577b560b95cc136cb3d
-
SHA512
ffd608a67b60d2e02edf9e5090e18e9e0568846e10db66a7b0ce5ce8414acf19c4aa82b7dcab5c9a9fd341ff4e194df4938d8ce3cf5e9bb18040d7aa9a00ab94
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-