General
-
Target
47fc82f745787ef02d2e51a15e7ce14ab2a1a278b82a49840a48cc337782aac1
-
Size
4.0MB
-
Sample
220104-mcjb7aagam
-
MD5
897502356def468c85b24a68759bcc7e
-
SHA1
582e2bc638a2674aad18f61f620f1523dc8c574f
-
SHA256
47fc82f745787ef02d2e51a15e7ce14ab2a1a278b82a49840a48cc337782aac1
-
SHA512
ee1f1ccc2dd5594a4ef3aff25bb9642f2b9c2baff093c571801f19876535354c1364c207919f1b9d519ce5adcc07913adf74e7682999f64205253b2c274f4edb
Static task
static1
Malware Config
Targets
-
-
Target
47fc82f745787ef02d2e51a15e7ce14ab2a1a278b82a49840a48cc337782aac1
-
Size
4.0MB
-
MD5
897502356def468c85b24a68759bcc7e
-
SHA1
582e2bc638a2674aad18f61f620f1523dc8c574f
-
SHA256
47fc82f745787ef02d2e51a15e7ce14ab2a1a278b82a49840a48cc337782aac1
-
SHA512
ee1f1ccc2dd5594a4ef3aff25bb9642f2b9c2baff093c571801f19876535354c1364c207919f1b9d519ce5adcc07913adf74e7682999f64205253b2c274f4edb
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-