General
Target: 60c546941d7f705156881e6776c482c50f133d54ba520436291695fd39bff8bb
Size: 2.7MB
Sample: 220107-v2he7aced5
MD5: 13ec5227fe52bcf2fc8ca6b1dcc07641
SHA1: 21a546771c1acdde48a8be21081ce0ae1e376bfb
SHA256: 60c546941d7f705156881e6776c482c50f133d54ba520436291695fd39bff8bb
SHA512: bcd479d71b5f7a8a294d647f66ba2c7670c39270142bb86cf96a8ffb97a7d5dcefb654c29c926fd2f43917a7da9ca11215012e5a109aad6062ef9e9e65355928
Static task: static1
Malware Config
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger