General
Target: tmp/b8298fff-073a-4228-8b37-4b0f43e8cbc4_new.exe
Size: 2.0MB
Sample: 211226-vklfhsaccj
MD5: 37f93749f0477272bc02e501306a060b
SHA1: b9feb01ca04c31c105290a9658f58f86bc6f06a0
SHA256: c675a6e0f3af9df79a91b87a54ed211c17157aa13489cc8d6df49e207f9e30af
SHA512: 624cbaac00409782f699aad808b0e602334bb6fa206c66d0e375e581e270633a88f2ee397952734a915619bb7607ff187b446f112e05bb2404a45d2416842e94
Static task: static1
Behavioral task: behavioral1
Sample: tmp/b8298fff-073a-4228-8b37-4b0f43e8cbc4_new.exe
Resource: win7-en-20211208
Malware Config
Targets
Target: tmp/b8298fff-073a-4228-8b37-4b0f43e8cbc4_new.exe (2.0MB; same MD5, SHA1, SHA256 and SHA512 as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Suspicious use of NtSetInformationThreadHideFromDebugger