General
Target: 3d07efde85a5ded500f658ef0e2fbd446851b593a79c9bb46055293cb3d42dac
Size: 8.6MB
Sample: 211220-k7gezabaap
MD5: 916d89ca529c0a7a07c4a55c0d2e1560
SHA1: 687e508ca7fe82ae9055ab6b335eac30af0bd791
SHA256: 3d07efde85a5ded500f658ef0e2fbd446851b593a79c9bb46055293cb3d42dac
SHA512: bcf3618c2c064fec590088f2e1659bc050cf3eadc9a66b55ab40982f830685725a8c40e16ee3b5bf307077ab8daaf250fbd06e7246979ee483452650bc4652fb
Static task: static1
Malware Config
Targets
Target: 3d07efde85a5ded500f658ef0e2fbd446851b593a79c9bb46055293cb3d42dac
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger