General
-
Target
1aee4c720519283ec2e6518005d3c22b8b1ddd2dad105060bb707dd867a90781
-
Size
3.3MB
-
Sample
220116-v2zz8sfge3
-
MD5
8ddcc8ad6802a33161e5364090d0ba1b
-
SHA1
a66c8944d6e03c9b310777d805fe81e0cfadb86d
-
SHA256
1aee4c720519283ec2e6518005d3c22b8b1ddd2dad105060bb707dd867a90781
-
SHA512
102932bce97e585c0dc895187407989b05ca599c31e8b48b20e26ac95ae47e37677f9a0cf625263a21bde9b5cab4abd5badcb39e72a249727a161524e8da322a
Static task
static1
Malware Config
Targets
-
-
Target
1aee4c720519283ec2e6518005d3c22b8b1ddd2dad105060bb707dd867a90781
-
Size
3.3MB
-
MD5
8ddcc8ad6802a33161e5364090d0ba1b
-
SHA1
a66c8944d6e03c9b310777d805fe81e0cfadb86d
-
SHA256
1aee4c720519283ec2e6518005d3c22b8b1ddd2dad105060bb707dd867a90781
-
SHA512
102932bce97e585c0dc895187407989b05ca599c31e8b48b20e26ac95ae47e37677f9a0cf625263a21bde9b5cab4abd5badcb39e72a249727a161524e8da322a
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-