General
- Target: 832eb9dbb4e95afbd2684775acc9b7dc8014e997708262e2dc5176291cf91d6d
- Size: 2.7MB
- Sample: 220107-n4wl9scbf7
- MD5: 31e4fa459d9d58e6685cf2b7e04c6cee
- SHA1: 8de71a33f2e8e4e54afdb4a7c0865dcf2ac0165c
- SHA256: 832eb9dbb4e95afbd2684775acc9b7dc8014e997708262e2dc5176291cf91d6d
- SHA512: 080079617a353f995976ff24f8d409606b9511b517b291b016701726765201b5b0020c13429a595318bb5b042eec04f3f2e0100c298771a9ac9f08368ff5887c
Static task: static1
Malware Config
Targets
- Target: 832eb9dbb4e95afbd2684775acc9b7dc8014e997708262e2dc5176291cf91d6d
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger