General
Target: SecuriteInfo.com.Variant.Razy.579786.28822.10733
Size: 4.1MB
Sample: 211219-wtq8ssgha7
MD5: b04072a01ba1f12318fdd1ee21196564
SHA1: 8d88edbe59d587888494f4dbf83ef0612106026b
SHA256: 1db50451a00a658d3dedcd3f7b68dee2fa5c7fd86bc4695ccc970de9fb349c66
SHA512: fa05225040272c82491610906438d7ea744ad0a119fea567d9138c5a9067458d363e6bf1bb80fd8b913767810c075edea92d383b941e982359744920cc0fb90f
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Razy.579786.28822.10733.exe
Resource: win7-en-20211208
Malware Config
Targets
Target: SecuriteInfo.com.Variant.Razy.579786.28822.10733
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Suspicious use of NtSetInformationThreadHideFromDebugger