General
- Target: .
- Size: 39KB
- Sample: 211212-vefyvacdg9
- MD5: f9c463e751d8cd6717c371d6b3fb18b9
- SHA1: a058c410c5557c8543338f704bdd4e9a8b5a9ace
- SHA256: ec37e7c528769b09a58de40987fa961527ef314c843037d0cf2692a280f5bdb6
- SHA512: 7141c4b2f50492928746ee90032a9aa2f14feb35fa02d4ddd398af306e5467f7e820e0a4d7ba103de89df6014362b957d608d94136fdba28911d27af7577bf3b

Static task
- static1

Malware Config

Targets
- Target: .
  - Size: 39KB
  - MD5: f9c463e751d8cd6717c371d6b3fb18b9
  - SHA1: a058c410c5557c8543338f704bdd4e9a8b5a9ace
  - SHA256: ec37e7c528769b09a58de40987fa961527ef314c843037d0cf2692a280f5bdb6
  - SHA512: 7141c4b2f50492928746ee90032a9aa2f14feb35fa02d4ddd398af306e5467f7e820e0a4d7ba103de89df6014362b957d608d94136fdba28911d27af7577bf3b
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Executes dropped EXE
  - Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
  - Loads dropped DLL
  - Adds Run key to start application
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
  - Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
  - Drops file in System32 directory
  - Suspicious use of NtSetInformationThreadHideFromDebugger