General

Target: 3eca25c6a211415959e59d89e6f8c6a9b1d1c45bfbb9ce8bfc133c66958dc97c
Size: 2.6MB
Sample: 211220-v2wmtacbgj
MD5: 75182fea96cd2dea68a23d360fb647c8
SHA1: 992c5fe1ac704528a505bb42162a421e3d29b7cb
SHA256: 3eca25c6a211415959e59d89e6f8c6a9b1d1c45bfbb9ce8bfc133c66958dc97c
SHA512: 649aa18d4303f42fb9b8dc90994f8d40aa45a07f2842edfce1a389c0f1c2510f7828b233b7205e2171e8a147eed7c3a18efd162e060c83ad1f0fbbd3f4a56ec0
Static task: static1

Malware Config

Targets
Target: 3eca25c6a211415959e59d89e6f8c6a9b1d1c45bfbb9ce8bfc133c66958dc97c
Size: 2.6MB
MD5: 75182fea96cd2dea68a23d360fb647c8
SHA1: 992c5fe1ac704528a505bb42162a421e3d29b7cb
SHA256: 3eca25c6a211415959e59d89e6f8c6a9b1d1c45bfbb9ce8bfc133c66958dc97c
SHA512: 649aa18d4303f42fb9b8dc90994f8d40aa45a07f2842edfce1a389c0f1c2510f7828b233b7205e2171e8a147eed7c3a18efd162e060c83ad1f0fbbd3f4a56ec0

Signatures

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
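Added example, not part of the sandbox report and not code from the sample: the Python below replays a constructed API trace through matchers for the four behaviours listed above, so a reader can see what each signature actually keys on. The registry locations (VirtualBox's ACPI tables mirrored under HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__, the firmware strings under HKLM\HARDWARE\DESCRIPTION\System) and the ThreadHideFromDebugger class value 0x11 are the standard ones such checks use; the report itself does not say which exact keys this sample touched, and the trace events, the `upd.exe` path and the function names are all invented for the example.

```python
import re

# --- What each matcher looks for (standard locations; assumptions, see lead-in) ---
# VirtualBox publishes its ACPI tables with the OEM ID "VBOX__", which Windows
# mirrors under HKLM\HARDWARE\ACPI\<table>\VBOX__.
VBOX_ACPI_RE = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
# Firmware strings exposed by the kernel; VMs and sandboxes often leak a vendor name here.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = {"systembiosversion", "systembiosdate", "videobiosversion"}
# ThreadInformationClass value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

SIG_VBOX = "Identifies VirtualBox via ACPI registry values"
SIG_BIOS = "Checks BIOS information in registry"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"
SIG_DROP = "Executes dropped EXE"

# Constructed API trace (not from the report): (api name, arguments), in call order.
TRACE = [
    ("RegOpenKeyExW", {"path": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"}),
    ("RegQueryValueExW", {"path": BIOS_KEY, "value": "SystemBiosVersion"}),
    ("NtWriteFile", {"path": r"C:\Users\user\AppData\Local\Temp\upd.exe"}),
    ("NtSetInformationThread", {"class": THREAD_HIDE_FROM_DEBUGGER}),
    ("CreateProcessW", {"image": r"C:\Users\user\AppData\Local\Temp\upd.exe"}),
    ("RegQueryValueExW", {"path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion",
                          "value": "ProgramFilesDir"}),
]


def match_signatures(trace):
    """Return the signature names triggered by `trace`, in first-hit order."""
    hits = []
    dropped = set()  # lower-cased paths the sample wrote earlier in this trace

    def hit(name):
        if name not in hits:
            hits.append(name)

    for api, args in trace:
        if api.startswith(("RegOpenKey", "RegQueryValue")):
            path = args.get("path", "")
            if VBOX_ACPI_RE.match(path):
                hit(SIG_VBOX)
            if path.lower() == BIOS_KEY.lower() and args.get("value", "").lower() in BIOS_VALUES:
                hit(SIG_BIOS)
        elif api == "NtWriteFile":
            dropped.add(args["path"].lower())
        elif api == "CreateProcessW":
            image = args["image"].lower()
            # "Dropped" means written by the sample itself earlier, not just any .exe launch.
            if image.endswith(".exe") and image in dropped:
                hit(SIG_DROP)
        elif api == "NtSetInformationThread":
            if args.get("class") == THREAD_HIDE_FROM_DEBUGGER:
                hit(SIG_HIDE)
    return hits


if __name__ == "__main__":
    for name in match_signatures(TRACE):
        print(name)
```

Two points worth noting when porting this to a real sandbox log: the "dropped EXE" rule is order-sensitive, since it only fires for an image the same trace has already seen written, and ThreadHideFromDebugger is matched on the information class, not the function name, because the same class can also reach the kernel via NtSetInformationThread wrappers the sample resolves by ordinal.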