General
-
Target
af1a95797963e51df6f8348883dd83e1
-
Size
2.5MB
-
Sample
211207-1dmb5agae6
-
MD5
af1a95797963e51df6f8348883dd83e1
-
SHA1
ad7383cc8576ff1ba2652a755d7dd9b585d44f8a
-
SHA256
0e9d7dd7f56cf707f449e9c046499f2b0a4a953794af5e7a15d3a6d5971594ef
-
SHA512
ff4739579e66bd383872ed82016727c812cfc512f6eb198586030143988c810d42cb25fcaa230671b229d3e71ff02050f0f876d2d55440fb9e5e7d4e08b0e6ad
Static task
static1
Behavioral task
behavioral1
Sample
af1a95797963e51df6f8348883dd83e1.exe
Resource
win7-en-20211104
Malware Config
Targets
-
-
Target
af1a95797963e51df6f8348883dd83e1
-
Size
2.5MB
-
MD5
af1a95797963e51df6f8348883dd83e1
-
SHA1
ad7383cc8576ff1ba2652a755d7dd9b585d44f8a
-
SHA256
0e9d7dd7f56cf707f449e9c046499f2b0a4a953794af5e7a15d3a6d5971594ef
-
SHA512
ff4739579e66bd383872ed82016727c812cfc512f6eb198586030143988c810d42cb25fcaa230671b229d3e71ff02050f0f876d2d55440fb9e5e7d4e08b0e6ad
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-