General
Target: fd8dec0ae0f21544640589d89a8cf1eeb61fb4c37da206e51be20248aa0d85f6
Size: 2.6MB
Sample: 211227-v3nnladaa4
MD5: 80a0a602ebe77861d4e00590e219d760
SHA1: ebc78b8a2442d821553975ef9f5f220da93fe808
SHA256: fd8dec0ae0f21544640589d89a8cf1eeb61fb4c37da206e51be20248aa0d85f6
SHA512: 28d6572743e2881c11e629f34219471cda7a9975f70efa5442b56f1973b1f9e6062cc6f6d2dadfa253ffc0cabad2e3f7d420c595109e39994f120a952e119bba
Static task
static1
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger