General
- Target: 5d8da3252bf9be54807a015f2718d931077fe49aebaf22a53172a43cf153e0bd
- Size: 5.4MB
- Sample: 211207-ge7vnsahe5
- MD5: fbed9adbc9c2fd72dafa222895e23fa6
- SHA1: baa0aeb40229192772ea65dffebb721fde3dcf3b
- SHA256: 5d8da3252bf9be54807a015f2718d931077fe49aebaf22a53172a43cf153e0bd
- SHA512: b26405f78c7bfdd241222ff721144746f3819404808a798aa8e81f4a465b708c61140b2b2aca59745292caee9159dca91a74300c83ba850249f247c7268c7234
Static task: static1
Malware Config
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger