General
Target: f1938d9717f80620d107dc2184d00b44eed5efebb7a3b023dbb5f09b2e8e6d28
Size: 2.6MB
Sample: 220109-v2h2qaeaak
MD5: 589e559a740319a2b91c42f3b3bc27bc
SHA1: f1c7266f77fa1c528ac057c3102fe03c58ed517b
SHA256: f1938d9717f80620d107dc2184d00b44eed5efebb7a3b023dbb5f09b2e8e6d28
SHA512: 584cbabe8e7631f70c407761fe6dc761bccde4cfd75534c9ddda4cd1fd66ad9d2f0baba30dd96c6c329cb573877058fe36b6ee1fa574f178cc78ae5fa2154f18
Static task: static1
Malware Config
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments)
- Suspicious use of NtSetInformationThreadHideFromDebugger