General
-
Target
aInjector Win64_x32.exe
-
Size
2.8MB
-
Sample
211209-egqcasagh8
-
MD5
04083f1648e2b2805b6a37e6019fdeab
-
SHA1
c8159ba9893416c3056e9ef69386daf064c45863
-
SHA256
27b0fd5d8ef7f364dc1e472920c0ea54f758de1083c95b5084f867c528593d7b
-
SHA512
ff3bfdf6313bd12759c5e83dcc3740c2452d191adeecdba1dab0283da77f906f42d9a4594ce8a81ed270dc1f66e54c62e556a06eb8bc95e39cd4a74467c60478
Static task
static1
Behavioral task
behavioral1
Sample
aInjector Win64_x32.exe
Resource
win7-en-20211208
Malware Config
Targets
-
-
Target
aInjector Win64_x32.exe
-
Size
2.8MB
-
MD5
04083f1648e2b2805b6a37e6019fdeab
-
SHA1
c8159ba9893416c3056e9ef69386daf064c45863
-
SHA256
27b0fd5d8ef7f364dc1e472920c0ea54f758de1083c95b5084f867c528593d7b
-
SHA512
ff3bfdf6313bd12759c5e83dcc3740c2452d191adeecdba1dab0283da77f906f42d9a4594ce8a81ed270dc1f66e54c62e556a06eb8bc95e39cd4a74467c60478
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-