General
Target: 4cb14310032646aa12ba1aa543190f247b2024e9d7ba9d9a50b2cd54eb2dcf94
Size: 2.9MB
Sample: 211230-gexppsfeg7
MD5: af30134001f717575cc93f10ed760f4a
SHA1: 79fbb34520c8658dfca24c567fb3a7feaacaa2f4
SHA256: 4cb14310032646aa12ba1aa543190f247b2024e9d7ba9d9a50b2cd54eb2dcf94
SHA512: 970d29494a49b6ba470f51f5f2aaae88164e845adaa8cd2c909780c72a9282ccbfe46b4d053505ec95df1c9cee83da6ddb0bb1bca9d164bf72e8ace9e7d54f23
Static task: static1
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger