General
- Target: c983192fb4b4f55d1d5a6bcaec5241db.exe
- Size: 2.7MB
- Sample: 211220-lmmxpabadq
- MD5: c983192fb4b4f55d1d5a6bcaec5241db
- SHA1: c8fae465e7e4595ab216a8efa614ad8ff87871d3
- SHA256: f4889a3b066fb61c8df967ceb0ef0e0157dd5a3ef65feb328e30a186a5c3c1e8
- SHA512: 48d559ef2e9320ee2a304c408003c3822eef98524233fbcd9b63d565b4f8c37bbbbd42a5b2f7f7cc0121579f3ab6f2e2ad76f86b215f1240e2755242e03ad57e

Static task: static1

Behavioral task: behavioral1
- Sample: c983192fb4b4f55d1d5a6bcaec5241db.exe
- Resource: win7-en-20211208
Malware Config
- (none listed)

Targets
- Target: c983192fb4b4f55d1d5a6bcaec5241db.exe
- Size: 2.7MB
- MD5, SHA1, SHA256 and SHA512: identical to the General section above

Signatures (behavioral1)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose ACPI tables whose OEM ID is VBOX__, mirrored in the registry under HKLM\HARDWARE\ACPI\DSDT, FADT and RSDT; a sample enumerating those keys is checking whether it is running inside a VM.
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information (values such as SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments, because hypervisors leave vendor strings in those values.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops debug events for that thread from being delivered to an attached debugger, a common anti-debugging technique.

Note: because the sample performs anti-VM and anti-debug checks, the behavioral results above may be incomplete; a sample that detects the sandbox can change or stop its behaviour before reaching its real payload.
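The three evasion signatures above are raised by the sandbox's own rules, which are not shown on this page. The following is an added example, not the sandbox's or the sample's code: a small rule set that would fire the same three signatures from a registry/API trace. The event format, the function names and the exact registry paths each rule keys on are assumptions, and the trace at the bottom is constructed for illustration rather than captured from this sample.

```python
"""Added example (not code from the original sandbox report): rule logic that
would raise the three evasion signatures listed above from a registry/API trace.
The event format, the function names and the exact registry paths each rule
keys on are assumptions; the trace at the bottom is constructed, not captured
from the sample."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# VirtualBox publishes its ACPI tables with OEM ID "VBOX__"; the guest registry
# mirrors them under HKLM\HARDWARE\ACPI\<table>\VBOX__ (table list is an assumption).
VBOX_ACPI_RE = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)

# BIOS strings that hypervisors populate with vendor identifiers.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\SYSTEM"
BIOS_VALUES = {"SYSTEMBIOSVERSION", "SYSTEMBIOSDATE", "VIDEOBIOSVERSION"}

# THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

REGISTRY_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "NtOpenKey", "NtQueryValueKey"}

SIGNATURES = {
    "vbox_acpi": "Identifies VirtualBox via ACPI registry values (likely anti-VM)",
    "bios_registry": "Checks BIOS information in registry",
    "hide_from_debugger": "Suspicious use of NtSetInformationThreadHideFromDebugger",
}


@dataclass
class Event:
    """One traced call: process id, API name and a dict of decoded arguments (assumed format)."""
    pid: int
    api: str
    args: Dict[str, object] = field(default_factory=dict)


def match_event(ev: Event) -> Optional[str]:
    """Return the id of the signature this single event triggers, or None."""
    if ev.api in REGISTRY_APIS:
        path = str(ev.args.get("path", ""))
        if VBOX_ACPI_RE.match(path):
            return "vbox_acpi"
        value = str(ev.args.get("value", "")).upper()
        if path.upper() == BIOS_KEY and value in BIOS_VALUES:
            return "bios_registry"
    if ev.api == "NtSetInformationThread" and ev.args.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
        return "hide_from_debugger"
    return None


def triage(events: List[Event]) -> Dict[str, List[int]]:
    """Map each fired signature id to the pids that triggered it (first-seen order)."""
    hits: Dict[str, List[int]] = {}
    for ev in events:
        sig = match_event(ev)
        if sig is None:
            continue
        pids = hits.setdefault(sig, [])
        if ev.pid not in pids:
            pids.append(ev.pid)
    return hits


def report(events: List[Event]) -> List[str]:
    """Human-readable signature names in the order SIGNATURES defines them."""
    hits = triage(events)
    return [name for sig, name in SIGNATURES.items() if sig in hits]


# Constructed trace (not from the real sample): pid 1337 performs all three
# checks, pid 2048 only reads an unrelated version key and must not fire anything.
SAMPLE_TRACE = [
    Event(1337, "RegOpenKeyExW", {"path": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"}),
    Event(1337, "RegQueryValueExW", {"path": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "SystemBiosVersion"}),
    Event(1337, "RegQueryValueExW", {"path": r"HKLM\HARDWARE\DESCRIPTION\System", "value": "VideoBiosVersion"}),
    Event(1337, "NtSetInformationThread", {"thread": 0x1A4, "info_class": 0x11}),
    Event(1337, "NtSetInformationThread", {"thread": 0x1A4, "info_class": 0x02}),  # ThreadPriority: benign
    Event(2048, "RegQueryValueExW", {"path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "value": "ProductName"}),
]

if __name__ == "__main__":
    for name in report(SAMPLE_TRACE):
        print(name)
```

Each rule fires on a single event, so a process that merely opens the BIOS key for an unrelated reason will still be flagged; real sandbox rules usually add context (which value was read, what the result was compared against) before scoring. The benign NtSetInformationThread call with class 0x02 shows why the rule must key on the information class and not on the API name alone.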