General

Target: 2203c3e9a0f743396ce7aeed750ebb37fbe148682f77312e81867cc1a3647293
Size: 2.6MB
Sample: 211230-v5xz2sgbb2
MD5: 1900d21748f27ab812ec576f82a970d1
SHA1: fa5135eab9dd9e88e936b807bd403998b3f56f18
SHA256: 2203c3e9a0f743396ce7aeed750ebb37fbe148682f77312e81867cc1a3647293
SHA512: 8dc2d7929d58883bbee1caeace15ade63e7b371374ffcf95f21e2301c955fe5ad87f70858a9f655ab3fb70a7f7f8d0b4218ae35a2572ed09bfaead2cbd003bc7
Static task: static1
Malware Config
Targets

Target: 2203c3e9a0f743396ce7aeed750ebb37fbe148682f77312e81867cc1a3647293 (2.6MB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Signatures triggered by this target:

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
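The four signatures above are behavioural rules matched against the sample's API trace. The block below is an added example of how such rules can be expressed, written for this page and not the sandbox's own signature code: it runs a toy matcher over a constructed trace. The registry paths (the VirtualBox ACPI tables under HARDWARE\ACPI\*\VBOX__ and the BIOS strings under HARDWARE\DESCRIPTION\System), the THREADINFOCLASS value 0x11 for ThreadHideFromDebugger, the event layout and the sample paths are all assumptions made for the example.

```python
import re
from collections import namedtuple

# One API-trace event: process id, API name, and a dict of decoded arguments.
# The event layout is an assumption for this example, not a sandbox's format.
Event = namedtuple("Event", "pid api args")

# Registry locations commonly tied to these behaviours (assumed for the example;
# a real engine carries a much longer list). VirtualBox exposes its ACPI tables
# under HARDWARE\ACPI\<table>\VBOX__ and BIOS strings live under
# HARDWARE\DESCRIPTION\System.
ACPI_VBOX_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_VALUE_RE = re.compile(
    r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$",
    re.I,
)
# THREADINFOCLASS ThreadHideFromDebugger: once set on a thread, that thread no
# longer delivers debug events, so an attached debugger silently loses it.
THREAD_HIDE_FROM_DEBUGGER = 0x11

REGISTRY_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "NtOpenKey", "NtQueryValueKey"}

SIG_VBOX_ACPI = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_HIDE_THREAD = "Suspicious use of NtSetInformationThreadHideFromDebugger"
SIG_DROPPED_EXE = "Executes dropped EXE"


def match_signatures(trace):
    """Return the set of signature names triggered by an ordered API trace."""
    hits = set()
    dropped = set()  # lower-cased paths of .exe files written during the run
    for ev in trace:
        a = ev.args
        if ev.api in REGISTRY_APIS:
            path = a.get("path", "")
            if ACPI_VBOX_RE.search(path):
                hits.add(SIG_VBOX_ACPI)
            if BIOS_VALUE_RE.search(path):
                hits.add(SIG_BIOS)
        elif ev.api == "NtSetInformationThread":
            if a.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
                hits.add(SIG_HIDE_THREAD)
        elif ev.api == "NtWriteFile":
            p = a.get("path", "").lower()
            if p.endswith(".exe"):
                dropped.add(p)
        elif ev.api in ("CreateProcessW", "NtCreateUserProcess"):
            # Only a process whose image was written earlier in this trace counts:
            # ordering matters, the write must precede the launch.
            if a.get("image", "").lower() in dropped:
                hits.add(SIG_DROPPED_EXE)
    return hits


# Constructed trace for illustration; not data from the analysed sample.
SAMPLE_TRACE = [
    Event(1234, "RegOpenKeyExW", {"path": r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__"}),
    Event(1234, "RegQueryValueExW",
          {"path": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion"}),
    Event(1234, "NtSetInformationThread", {"handle": -2, "info_class": 0x11}),
    Event(1234, "NtWriteFile", {"path": r"C:\Users\Admin\AppData\Local\Temp\svc.exe"}),
    Event(1234, "CreateProcessW", {"image": r"C:\Users\Admin\AppData\Local\Temp\svc.exe"}),
]

# A benign constructed trace: reads an unrelated key and launches a pre-existing binary.
BENIGN_TRACE = [
    Event(4321, "RegQueryValueExW",
          {"path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"}),
    Event(4321, "CreateProcessW", {"image": r"C:\Windows\System32\notepad.exe"}),
]

if __name__ == "__main__":
    for name in sorted(match_signatures(SAMPLE_TRACE)):
        print("HIT", name)
    print("benign hits:", match_signatures(BENIGN_TRACE))
```

The ordering check in the dropped-EXE rule is the part worth copying: a launch of an image that was not written earlier in the same trace is ordinary process creation, and counting it would turn every installer-style sample into a false positive. The same applies to the registry rules, which fire on the key read alone; what the sample does with the answer (exit, sleep, change behaviour) is not visible from a single event and is why the report labels the ACPI check only as "likely anti-VM".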