General
Target: c436c42e07c1c93c8aeb48b35b51a4a9.exe
Size: 2.5MB
Sample: 211216-kw6wgsbfc5
MD5: c436c42e07c1c93c8aeb48b35b51a4a9
SHA1: 4ecb0d749df3b76e6fd367bb8cf7fdc2b50a8b26
SHA256: d24441e5bb3497db8f6c39a3579b1415efa467e18308f1f9dff228d721b0bdde
SHA512: 8f825fb4799a12908c36fec6ee9c6198a139ef40da7e074df8496cd89cf0bbf1221abfea3c0ad90ca88de7a59931a16250c89490600b0dce351ca574ecd145f0
Static task: static1
Behavioral task: behavioral1
Sample: c436c42e07c1c93c8aeb48b35b51a4a9.exe
Resource: win7-en-20211208
Malware Config
Targets
Target: c436c42e07c1c93c8aeb48b35b51a4a9.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
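The VirtualBox ACPI, BIOS-registry and external-IP-lookup signatures above can be reproduced from a sandbox's own registry-read and HTTP event log. The following is an added example, not code from the sandbox or from this report: the Event record shape, the triage() function and the sample events are constructed for illustration, while the registry paths (HKLM\HARDWARE\ACPI\*\VBOX__, HKLM\HARDWARE\DESCRIPTION\System\BIOS) and the IP-echo hosts are the well-known indicators these signature names refer to.

```python
"""Re-derive three of the report's behavioural signatures from sandbox events.

Added example (not the sandbox's code). Event records below are constructed;
indicator tables hold the standard VirtualBox ACPI / BIOS registry artefacts
and public IP-lookup hosts that such signatures key on.
"""
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Event:
    """One sandbox event (hypothetical shape): a registry read or an HTTP request."""
    kind: str         # "reg_read" or "http"
    path: str         # registry key for reg_read; URL or bare host for http
    value: str = ""   # registry value name for reg_read; unused for http


# VirtualBox exposes its OEM id in the ACPI table names under HKLM\HARDWARE\ACPI.
VBOX_ACPI_KEYS = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
}

# BIOS description values that anti-sandbox code reads to fingerprint the host
# (value names are compared case-insensitively, as the registry does).
BIOS_CHECKS = {
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {
        "systemmanufacturer", "systemproductname", "biosvendor", "biosversion",
    },
    r"HKLM\HARDWARE\DESCRIPTION\System": {"systembiosversion", "videobiosversion"},
}

# Public IP-echo services commonly contacted to learn the infected host's external IP.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ip-api.com", "icanhazip.com", "ifconfig.me",
    "checkip.dyndns.org", "ipinfo.io", "checkip.amazonaws.com",
}


def _norm_key(key: str) -> str:
    """Canonicalise a registry key: long hive name to HKLM, upper case, no trailing slash."""
    key = key.strip().rstrip("\\")
    if key.upper().startswith("HKEY_LOCAL_MACHINE"):
        key = "HKLM" + key[len("HKEY_LOCAL_MACHINE"):]
    return key.upper()


def _host(url_or_host: str) -> str:
    """Extract the lower-cased host from a full URL or a bare hostname."""
    s = url_or_host.strip()
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def find_vbox_acpi_reads(events):
    """Registry keys read that match the VirtualBox ACPI table names (order kept, deduped)."""
    wanted = {_norm_key(k) for k in VBOX_ACPI_KEYS}
    hits = []
    for ev in events:
        if ev.kind == "reg_read" and _norm_key(ev.path) in wanted and ev.path not in hits:
            hits.append(ev.path)
    return hits


def find_bios_reads(events):
    """(key, value) pairs read from the BIOS description keys."""
    checks = {_norm_key(k): names for k, names in BIOS_CHECKS.items()}
    hits = []
    for ev in events:
        if ev.kind != "reg_read":
            continue
        names = checks.get(_norm_key(ev.path))
        if names and ev.value.lower() in names and (ev.path, ev.value) not in hits:
            hits.append((ev.path, ev.value))
    return hits


def find_ip_lookup_requests(events):
    """Hosts contacted that are public IP-echo services."""
    hits = []
    for ev in events:
        if ev.kind == "http":
            h = _host(ev.path)
            if h in IP_LOOKUP_HOSTS and h not in hits:
                hits.append(h)
    return hits


def triage(events):
    """Map the report's signature names to whether the event log triggers them."""
    return {
        "Identifies VirtualBox via ACPI registry values": bool(find_vbox_acpi_reads(events)),
        "Checks BIOS information in registry": bool(find_bios_reads(events)),
        "Looks up external IP address via web service": bool(find_ip_lookup_requests(events)),
    }


# Constructed sample log: a VirtualBox ACPI probe, two BIOS reads (one using the
# long hive name), a benign registry read, an IP-echo request and a benign request.
SAMPLE_EVENTS = [
    Event("reg_read", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    Event("reg_read", r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    Event("reg_read", r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    Event("reg_read", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ProductName"),
    Event("http", "http://api.ipify.org/"),
    Event("http", "www.microsoft.com"),
]

if __name__ == "__main__":
    for name, fired in triage(SAMPLE_EVENTS).items():
        print(f"{'HIT ' if fired else '    '} {name}")
```

The two remaining signatures (the blocklisted process making a network request and the NtSetInformationThread ThreadHideFromDebugger call) need process-tree and API-call events that this log shape does not model, so they are not re-derived here.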