General
Target: 32ecdeb650c1a54310c61847b3c86732290a4df1b51e95238868555e144ca9a6
Size: 2.7MB
Sample: 211219-k2zz5aghfq
MD5: 9f883f2908f53b5fb73c1be1a271f740
SHA1: 8c58e0e886a615cee214ae5d861991cb95739026
SHA256: 32ecdeb650c1a54310c61847b3c86732290a4df1b51e95238868555e144ca9a6
SHA512: 4544d26c451755aa25ecca4476df273215e4d2a20db8d7b60ecda8a5f92dde76000df08ec5dad280476eef05ce6352fa599fbd364dcc3d575488c426f2e08938
Static task: static1
Malware Config
Targets
Target: 32ecdeb650c1a54310c61847b3c86732290a4df1b51e95238868555e144ca9a6
Size: 2.7MB
MD5: 9f883f2908f53b5fb73c1be1a271f740
SHA1: 8c58e0e886a615cee214ae5d861991cb95739026
SHA256: 32ecdeb650c1a54310c61847b3c86732290a4df1b51e95238868555e144ca9a6
SHA512: 4544d26c451755aa25ecca4476df273215e4d2a20db8d7b60ecda8a5f92dde76000df08ec5dad280476eef05ce6352fa599fbd364dcc3d575488c426f2e08938
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox exposes its firmware ACPI tables under HKLM\HARDWARE\ACPI with the OEM ID "VBOX__", so enumerating those subkeys is a cheap VirtualBox check.
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information (HKLM\HARDWARE\DESCRIPTION\System\BIOS) is often read in order to detect sandboxing environments, since the manufacturer and product strings of a VM usually name the hypervisor.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  The ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events, so an attached debugger loses visibility of it. It is a common anti-debugging technique and rarely has a legitimate use in ordinary software.
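The two registry checks flagged above (ACPI table OEM IDs and SMBIOS strings), reproduced as an added PowerShell example so an analyst can confirm on a lab VM what the sample would see. This is not the sample's code or part of the Triage report; the registry paths are the standard Windows ones, while the list of hypervisor marker strings is my own heuristic and an assumption.

```powershell
# Added example: the registry reads the sandbox flagged, run from the analyst's side.
# Marker strings are an assumption (common hypervisor names), not taken from the sample.
$markers = @('VBOX', 'VirtualBox', 'innotek', 'VMware', 'QEMU', 'Hyper-V', 'Virtual Machine')

function Get-BiosIndicators {
    # HKLM\HARDWARE\DESCRIPTION\System\BIOS holds the SMBIOS strings the firmware reports.
    $bios = Get-ItemProperty -Path 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS' -ErrorAction Stop
    foreach ($name in 'SystemManufacturer', 'SystemProductName', 'BIOSVendor', 'BIOSVersion', 'BaseBoardManufacturer') {
        $value = $bios.$name
        if ($null -eq $value) { continue }
        $hit = $markers | Where-Object { $value -like "*$_*" } | Select-Object -First 1
        [pscustomobject]@{ Source = "BIOS\$name"; Value = $value; Indicator = $hit }
    }
}

function Get-AcpiIndicators {
    # ACPI tables are exposed as HKLM\HARDWARE\ACPI\<table>\<OEMID>\...; VirtualBox's OEM ID is VBOX__.
    foreach ($table in 'DSDT', 'FADT', 'RSDT') {
        $path = "HKLM:\HARDWARE\ACPI\$table"
        if (-not (Test-Path $path)) { continue }
        Get-ChildItem -Path $path | ForEach-Object {
            $oem = $_.PSChildName
            $hit = $markers | Where-Object { $oem -like "*$_*" } | Select-Object -First 1
            [pscustomobject]@{ Source = "ACPI\$table"; Value = $oem; Indicator = $hit }
        }
    }
}

$findings = @(Get-BiosIndicators) + @(Get-AcpiIndicators)
$findings | Format-Table -AutoSize
if ($findings | Where-Object Indicator) {
    Write-Host 'VM indicators present in BIOS/ACPI registry values; a sample using these checks would likely change behaviour here.'
} else {
    Write-Host 'No hypervisor indicators in BIOS or ACPI registry values.'
}
```

Run it as an ordinary user on the analysis VM; both keys are world-readable, which is exactly why they are attractive to a sample that wants a quiet check. If a guest reports a VirtualBox OEM ID or manufacturer string, consider patching those values (VirtualBox's DMI settings via VBoxManage) before re-running the sample.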
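The anti-debug call behind the last signature, as an added PowerShell P/Invoke example that is not the sample's code: it hides the current thread with ThreadHideFromDebugger and then queries the same class to show the flag flipped. NtSetInformationThread and NtQueryInformationThread are undocumented ntdll exports; the prototypes below are the commonly used ones and are an assumption on my part.

```powershell
# Added example: invoke ntdll!NtSetInformationThread(ThreadHideFromDebugger) and verify it.
# Prototypes are the widely used unofficial ones (assumption); requires a Windows host.
$src = @'
using System;
using System.Runtime.InteropServices;
public static class NativeMethods {
    [DllImport("ntdll.dll")]
    public static extern int NtSetInformationThread(IntPtr ThreadHandle, int ThreadInformationClass,
                                                    IntPtr ThreadInformation, int ThreadInformationLength);
    [DllImport("ntdll.dll")]
    public static extern int NtQueryInformationThread(IntPtr ThreadHandle, int ThreadInformationClass,
                                                      out byte ThreadInformation, int ThreadInformationLength,
                                                      out int ReturnLength);
    [DllImport("kernel32.dll")]
    public static extern IntPtr GetCurrentThread();
}
'@
Add-Type -TypeDefinition $src

$ThreadHideFromDebugger = 0x11   # THREADINFOCLASS value named in the signature

function Test-ThreadHidden {
    # Querying the same class returns a one-byte BOOLEAN: 1 once the thread is hidden.
    [byte]$hidden = 0
    [int]$len = 0
    $status = [NativeMethods]::NtQueryInformationThread(
        [NativeMethods]::GetCurrentThread(), $ThreadHideFromDebugger, [ref]$hidden, 1, [ref]$len)
    return ($status -eq 0 -and $hidden -eq 1)
}

"Before: hidden = $(Test-ThreadHidden)"
# Buffer and length must be NULL/0 for this class; anything else is rejected.
$status = [NativeMethods]::NtSetInformationThread(
    [NativeMethods]::GetCurrentThread(), $ThreadHideFromDebugger, [IntPtr]::Zero, 0)
"NtSetInformationThread returned 0x{0:X8}" -f $status
"After:  hidden = $(Test-ThreadHidden)"
```

Attach a debugger to the PowerShell process before the set call and breakpoints on this thread stop firing afterwards, which is the effect a sample relies on. Detection-side, the call is reachable from user mode with no privilege, so hunt for it via API hooking or by querying ThreadHideFromDebugger on a suspect process's threads rather than expecting an event log entry.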