General
- Target: 31eb4eec08c93c2770affd600e010182855e63322fba278afede89816faff6aa
- Size: 2.7MB
- Sample: 211219-v2j9sahfbk
- MD5: c9bdb6ed5eb6da1c74b956937bbd31b4
- SHA1: a9c6389196fa0c28b91b1802758981feee113031
- SHA256: 31eb4eec08c93c2770affd600e010182855e63322fba278afede89816faff6aa
- SHA512: 496657b02941e8548c397f9b59eeaa2671fa7921ac052d1b336147b881975bc47861da7a6c16c3a53e759704300cd66ce31ae1a3b286875bf5e563aa9a697295

Static task: static1
Malware Config
Targets
- Target: 31eb4eec08c93c2770affd600e010182855e63322fba278afede89816faff6aa
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Executes dropped EXE
  - Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
  - Suspicious use of NtSetInformationThreadHideFromDebugger