General
- Target: aInjector Win64_x32.exe
- Size: 3.6MB
- Sample: 211212-p22aeacch2
- MD5: 45539053a6c4a180b590a7af970fc3ab
- SHA1: 8a091f013cdbe5b0f7308692a75bd95c544a7e5a
- SHA256: e341a13e9d2d6974d68018a8d8f28f4a40ef8b1fe063384eda97ebbbad7ab80a
- SHA512: 498c61bb0949ef48e1bf834e3fce02ddc7b857e794ce02d97c615f03d2c93420799cd7476bdd4bb15768396cd28668060da0c6e9914039d6bc010f32ddafea85
Static task: static1
Behavioral task: behavioral1
Sample: aInjector Win64_x32.exe
Resource: win7-en-20211208
Malware Config
Targets
- Target: aInjector Win64_x32.exe
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
-