General
- Target: barmah.exe
- Size: 2.7MB
- Sample: 220112-tl7vgadcck
- MD5: d76400dad2cadeb3286be0c4e718a59d
- SHA1: 66fa13b42e83977c7af21bd8ade6441482cd85c3
- SHA256: 311d1144d3a08d1c4cc51d96d7aaee06fddb0cb48885032fed61e436189ac0a3
- SHA512: 5ac3924adabb50590dc1cd7928cab4c8c695ce0ad1e2ad8be59cca3b615c392e86c666528e5ae5bba7cfe9d28fb4375ab05ff87566abd90f0cd9bf6a7c4ad91e

Static task: static1
Malware Config
Targets
- Target: barmah.exe
  - Size: 2.7MB
  - MD5: d76400dad2cadeb3286be0c4e718a59d
  - SHA1: 66fa13b42e83977c7af21bd8ade6441482cd85c3
  - SHA256: 311d1144d3a08d1c4cc51d96d7aaee06fddb0cb48885032fed61e436189ac0a3
  - SHA512: 5ac3924adabb50590dc1cd7928cab4c8c695ce0ad1e2ad8be59cca3b615c392e86c666528e5ae5bba7cfe9d28fb4375ab05ff87566abd90f0cd9bf6a7c4ad91e
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Executes dropped EXE
  - Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
  - Suspicious use of NtSetInformationThreadHideFromDebugger