General
Target: GhostDbD.exe
Size: 7.7MB
Sample: 211227-p9cl1scfe4
MD5: 182042a7af19081451220fa1475b146b
SHA1: 223dbee35e6138a8d63a1dcf0e9167ddf06eecb7
SHA256: c175b965e61f8406f064adf209c5f675b4260f3fd01a81cf574611030cdd0799
SHA512: 5de061f6f73276098322b43ec8f71f9fe80a2f089dd55cc6b0d969b93fa03f8bee34a54c7d32d83fcb2a6c5b8c24aea16fda2404b65733b81e8a1d849d347835
Static task: static1
Malware Config
Targets
Target: GhostDbD.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger