General
- Target: 2b53806e26eb21a166411ca916ec0efe5f1c2623d73fb6f55bbff1b8fb9d68ef
- Size: 8.8MB
- Sample: 211222-rayrbagcbl
- MD5: dc6b95b7a8982094af1c30e8c79aa1e4
- SHA1: 7c04bb06429040e3ed91d007f38b644df2bea45f
- SHA256: 2b53806e26eb21a166411ca916ec0efe5f1c2623d73fb6f55bbff1b8fb9d68ef
- SHA512: f0034093689df9df9975e73b16fe0ec361737ab2a3525f0e2836b5cbc29da1eeb740ebcd3f4b9e36f82be95bfc5a97d2c083013ef3e0ad6f41cc86db25aae4d3
Static task
static1
Malware Config
Targets
- Target: 2b53806e26eb21a166411ca916ec0efe5f1c2623d73fb6f55bbff1b8fb9d68ef
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger