General
-
Target
e36e717ad1f661f695e905d457dba6729aa238c0da051893ebec1429e042ddf7
-
Size
3.2MB
-
Sample
220116-jnzxjafcf4
-
MD5
978b7f1dba9746c29ac4b61bc219bd7b
-
SHA1
f498e5ebf211bace3e027a1596edfdcf7900317c
-
SHA256
e36e717ad1f661f695e905d457dba6729aa238c0da051893ebec1429e042ddf7
-
SHA512
dbdba57e4af16966d814bb0fafec867be05dd33381ab3140cb99249a7df57f7a09f69bdec5909d00a7268fda7574be3e738561bf094b211e3e9d5c6fb126da08
Static task
static1
Malware Config
Targets
-
-
Target
e36e717ad1f661f695e905d457dba6729aa238c0da051893ebec1429e042ddf7
-
Size
3.2MB
-
MD5
978b7f1dba9746c29ac4b61bc219bd7b
-
SHA1
f498e5ebf211bace3e027a1596edfdcf7900317c
-
SHA256
e36e717ad1f661f695e905d457dba6729aa238c0da051893ebec1429e042ddf7
-
SHA512
dbdba57e4af16966d814bb0fafec867be05dd33381ab3140cb99249a7df57f7a09f69bdec5909d00a7268fda7574be3e738561bf094b211e3e9d5c6fb126da08
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-