General
Target: 0a6833368dc6e05e0271061229c79788600844407dd0de0ddd6d1da81d1dc497
Size: 4.6MB
Sample: 211218-d7z4rafcap
MD5: f3aa3d76c2752aab946f9c6c7688e211
SHA1: 5162313f37038a6514f8149fd8dda6ff7722b9f3
SHA256: 0a6833368dc6e05e0271061229c79788600844407dd0de0ddd6d1da81d1dc497
SHA512: 3d54a0411ae9856dc7806b2514968853c47d60cb9c2a6b7652c53b3c68c473dc3779d3314d0f965f928ec79d1d5c1f30ede0cd345b10066f55374b9a48f3fc8c

Static task: static1

Malware Config

Targets
Target: 0a6833368dc6e05e0271061229c79788600844407dd0de0ddd6d1da81d1dc497
Size: 4.6MB
MD5: f3aa3d76c2752aab946f9c6c7688e211
SHA1: 5162313f37038a6514f8149fd8dda6ff7722b9f3
SHA256: 0a6833368dc6e05e0271061229c79788600844407dd0de0ddd6d1da81d1dc497
SHA512: 3d54a0411ae9856dc7806b2514968853c47d60cb9c2a6b7652c53b3c68c473dc3779d3314d0f965f928ec79d1d5c1f30ede0cd345b10066f55374b9a48f3fc8c

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger