General
- Target: 4bb5aa42937187857a805d5405fbb0d82a49dde621e25b9dce74ed644393a471
- Size: 2.9MB
- Sample: 211228-yck2kaebb8
- MD5: f1dffa9fa58dab25262df38fef206123
- SHA1: 4f0771b244ed3b106ecb7e42a355dda964d5aebb
- SHA256: 4bb5aa42937187857a805d5405fbb0d82a49dde621e25b9dce74ed644393a471
- SHA512: 369bf66442159d2e5b0b15cc2c9651931d53a4c836ced124029c7ddb250ce208b841acfa4a190d9c5bdc1b69d93af83d47b260fefc6bb8bdd62ea9f9259354f4
Static task: static1
Malware Config

Targets
- Target: 4bb5aa42937187857a805d5405fbb0d82a49dde621e25b9dce74ed644393a471
- Size: 2.9MB
- MD5: f1dffa9fa58dab25262df38fef206123
- SHA1: 4f0771b244ed3b106ecb7e42a355dda964d5aebb
- SHA256: 4bb5aa42937187857a805d5405fbb0d82a49dde621e25b9dce74ed644393a471
- SHA512: 369bf66442159d2e5b0b15cc2c9651931d53a4c836ced124029c7ddb250ce208b841acfa4a190d9c5bdc1b69d93af83d47b260fefc6bb8bdd62ea9f9259354f4
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Suspicious use of NtSetInformationThreadHideFromDebugger