General
Target: 81b4b30e724c560ae1d6fd45c900c314ed5fc295fa86d86c568e07f767953832
Size: 2.7MB
Sample: 220111-ya5yyshbgj
MD5: 7ba265564f727b1ef0e3b0e493e8eb50
SHA1: 7b9e7ca3e4d0dd8d521ded6fdd7b769747158e23
SHA256: 81b4b30e724c560ae1d6fd45c900c314ed5fc295fa86d86c568e07f767953832
SHA512: d648881cb8b77dc29d1d8380ae8db63aec7ea1b4e5e90bd8299d2bf51613aee509114e3f9eba7250466b430ce1a42c2f16869634417c34d612bbb85c7732f158
Static task: static1
Malware Config
Targets
Target: 81b4b30e724c560ae1d6fd45c900c314ed5fc295fa86d86c568e07f767953832
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger