General
Target: 5d78b8a09809b8d1b9974a27b55c9c71ce2aa8cc6846ba5cb9115b8ce44a14cf
Size: 2.7MB
Sample: 211229-y4swgsfca9
MD5: 6f4c94326104917216f67d8511b58e76
SHA1: 2cece96508040c197e778832ff4df1768b87479f
SHA256: 5d78b8a09809b8d1b9974a27b55c9c71ce2aa8cc6846ba5cb9115b8ce44a14cf
SHA512: c51bf945e1435c6aab82544fb80854f00823bbc57d78b045da6ec70a9c44e9269f9080f85465fe6a10f69052c2a17f126dd75efd376c7ee169f5d9af4a9e9969
Static task: static1
Malware Config
Targets
Target: 5d78b8a09809b8d1b9974a27b55c9c71ce2aa8cc6846ba5cb9115b8ce44a14cf
Size: 2.7MB
MD5: 6f4c94326104917216f67d8511b58e76
SHA1: 2cece96508040c197e778832ff4df1768b87479f
SHA256: 5d78b8a09809b8d1b9974a27b55c9c71ce2aa8cc6846ba5cb9115b8ce44a14cf
SHA512: c51bf945e1435c6aab82544fb80854f00823bbc57d78b045da6ec70a9c44e9269f9080f85465fe6a10f69052c2a17f126dd75efd376c7ee169f5d9af4a9e9969
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose ACPI table subkeys named VBOX__ under HKLM\HARDWARE\ACPI; reading them is a common check for running inside a VirtualBox sandbox.
- Executes dropped EXE
  A file the sample wrote to disk is subsequently launched as a new process.
- Checks BIOS information in registry
  BIOS information (for example HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion) is often read in order to detect sandboxing environments. Legitimate software reads the same values, so on its own this is a weak signal.
- Suspicious use of NtSetInformationThread with ThreadHideFromDebugger
  Thread information class 0x11 (ThreadHideFromDebugger) stops the calling thread from delivering debug events to an attached debugger, a classic anti-debugging technique.
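As an added example (not the sandbox's own rule set and not code from this report), the following Python re-derives the four behavioural signatures above from a constructed API/registry trace, the way a triage analyst might validate them against a raw event log. The event dictionary shape, the trace contents and the dropped-file path are assumptions made for illustration; the registry locations and the ThreadHideFromDebugger class value 0x11 are the publicly documented ones.

```python
"""Re-derive sandbox behavioural signatures from a constructed API/registry trace.

Added example, not the sandbox's own detection logic. Event shape and the
sample trace are assumptions; registry paths and THREADINFOCLASS 0x11 are
the publicly documented values.
"""
import re

# THREADINFOCLASS value for ThreadHideFromDebugger (documented: 17 / 0x11).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed sandbox trace (illustrative; not taken from the report).
SAMPLE_TRACE = [
    {"op": "RegOpenKey", "path": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"op": "RegQueryValue", "path": r"HKLM\HARDWARE\DESCRIPTION\System",
     "value": "SystemBiosVersion"},
    {"op": "RegQueryValue", "path": r"HKLM\HARDWARE\DESCRIPTION\System",
     "value": "VideoBiosVersion"},
    {"op": "NtSetInformationThread", "info_class": 0x11},
    # Hypothetical dropped-file path, then execution of that same file.
    {"op": "WriteFile", "path": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
    {"op": "CreateProcess", "path": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
]

# VirtualBox guests expose ACPI table subkeys named VBOX__ under these keys.
VBOX_ACPI_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)
# BIOS description key and the value names most often used for sandbox detection.
BIOS_KEY_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System$", re.IGNORECASE)
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}


def vbox_acpi_check(trace):
    """Any registry access touching an ACPI VBOX__ subkey."""
    return any(e["op"].startswith("Reg") and VBOX_ACPI_RE.search(e.get("path", ""))
               for e in trace)


def bios_registry_check(trace):
    """A query of a BIOS value under HKLM\\HARDWARE\\DESCRIPTION\\System."""
    return any(e["op"] == "RegQueryValue"
               and BIOS_KEY_RE.search(e.get("path", ""))
               and e.get("value", "").lower() in BIOS_VALUES
               for e in trace)


def hide_from_debugger(trace):
    """NtSetInformationThread called with ThreadHideFromDebugger (0x11)."""
    return any(e["op"] == "NtSetInformationThread"
               and e.get("info_class") == THREAD_HIDE_FROM_DEBUGGER
               for e in trace)


def executes_dropped_exe(trace):
    """An .exe written by the sample is later started as a process.

    Order matters: the write must precede the CreateProcess, otherwise the
    executable was pre-existing rather than dropped.
    """
    dropped = set()
    for e in trace:
        path = e.get("path", "").lower()
        if e["op"] in ("WriteFile", "CreateFile") and path.endswith(".exe"):
            dropped.add(path)
        elif e["op"] == "CreateProcess" and path in dropped:
            return True
    return False


# Signature names as they appear in the report, in the report's order.
SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", vbox_acpi_check),
    ("Executes dropped EXE", executes_dropped_exe),
    ("Checks BIOS information in registry", bios_registry_check),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", hide_from_debugger),
]


def classify(trace):
    """Return the names of every signature that fires on the trace."""
    return [name for name, check in SIGNATURES if check(trace)]


if __name__ == "__main__":
    for sig in classify(SAMPLE_TRACE):
        print(sig)
```

The BIOS check deliberately keys on the value name as well as the key, since many benign installers read other values under the same key; the dropped-EXE check is order-sensitive so that running a pre-existing binary is not confused with executing a payload the sample itself wrote.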