General
-
Target
cb83f7793fb45301ea771d25d9b47f50e00e9a0b2faf41f483dac3be63eeb15d
-
Size
3.4MB
-
Sample
220123-p413esgae3
-
MD5
ee0f6009d040280e5b70a11f597faae5
-
SHA1
04153d81ab5b38e70525120815ed67b41e33610b
-
SHA256
cb83f7793fb45301ea771d25d9b47f50e00e9a0b2faf41f483dac3be63eeb15d
-
SHA512
076e60218db84bf8a97522024b307b1e9c8a7709a9b9dd758103bcb2be4f5c48a046027087c2b8dbaeaea8879ebffbc0a08ded9940a42213a405b0563610b447
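The General block above is a flattened key/value listing (field name on one line, value on the next, "-" between items). The following is an added example, not a tool from the sandbox vendor or code belonging to the sample: it parses that listing, checks that the hashes are well-formed and that the Target name really is the SHA256, and recomputes digests over whatever bytes you have on hand. REPORT is the General block copied from this page; the sample file itself is not available here, so verify_digests() is only exercised against constructed bytes.

```python
"""Parse a flattened sandbox-report header and cross-check its hashes.

Added example. REPORT is copied from the page's General block; the field
names in FIELDS are assumed to be the only ones that matter here."""
import hashlib
import re

REPORT = """\
General
-
Target
cb83f7793fb45301ea771d25d9b47f50e00e9a0b2faf41f483dac3be63eeb15d
-
Size
3.4MB
-
Sample
220123-p413esgae3
-
MD5
ee0f6009d040280e5b70a11f597faae5
-
SHA1
04153d81ab5b38e70525120815ed67b41e33610b
-
SHA256
cb83f7793fb45301ea771d25d9b47f50e00e9a0b2faf41f483dac3be63eeb15d
-
SHA512
076e60218db84bf8a97522024b307b1e9c8a7709a9b9dd758103bcb2be4f5c48a046027087c2b8dbaeaea8879ebffbc0a08ded9940a42213a405b0563610b447
"""

FIELDS = ("Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512")
HASH_ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report(text):
    """Return {field: value}; '-' separators and blank lines are skipped and
    the value is taken from the line that follows the field name."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    fields = {}
    for i, ln in enumerate(lines[:-1]):
        if ln in FIELDS and ln not in fields:
            fields[ln] = lines[i + 1]
    return fields


def check_report(fields):
    """Sanity checks before trusting the header: each hash is lowercase hex of
    the right length, and the Target name equals the SHA256."""
    problems = []
    for name, n in HEX_LEN.items():
        if not re.fullmatch(r"[0-9a-f]{%d}" % n, fields.get(name, "")):
            problems.append(f"{name}: not {n} hex chars")
    if fields.get("Target") != fields.get("SHA256"):
        problems.append("Target name does not match SHA256")
    return problems


def verify_digests(data, fields):
    """Hash the bytes you actually hold and list the report fields that disagree."""
    mismatches = []
    for name, algo in HASH_ALGOS.items():
        if hashlib.new(algo, data).hexdigest() != fields.get(name):
            mismatches.append(name)
    return mismatches


if __name__ == "__main__":
    f = parse_report(REPORT)
    print(f["Sample"], check_report(f) or "header consistent")
    # Constructed input: these bytes are not the sample, so every digest differs.
    print("mismatches:", verify_digests(b"not the real sample", f))
```

Feed verify_digests() the bytes of the file you are about to detonate or share; an empty mismatch list means the artefact you hold is the one this report describes.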
Static task
static1
Malware Config
Targets
-
Target
cb83f7793fb45301ea771d25d9b47f50e00e9a0b2faf41f483dac3be63eeb15d
(the submitted file itself; size, MD5, SHA1, SHA256 and SHA512 are identical to the General section above)
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox guests expose their ACPI tables under HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT} with the OEM ID VBOX__ as the subkey name; enumerating those keys is a common guest-detection check.
-
Executes dropped EXE
An executable written to disk during the run was launched, i.e. the submitted file unpacks or downloads a further executable rather than carrying all of its behaviour itself.
-
Checks BIOS information in registry
BIOS information (SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments, since hypervisors leave vendor strings in these values.
-
Drops startup file
A file was written to a Startup folder, which causes it to run at the next logon (persistence).
-
Suspicious use of NtSetInformationThreadHideFromDebugger
NtSetInformationThread with the ThreadHideFromDebugger information class detaches the calling thread from any attached debugger, so its debug events are no longer delivered; this is an anti-debugging technique.
-
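The ACPI and BIOS registry signatures above amount to two lookups under HKLM\HARDWARE. The following is an added example, not code from the sample or from the sandbox: it reproduces those two checks against a registry snapshot so a defender can test whether an analysis image still leaks hypervisor artefacts. The key paths are the standard Windows locations; the two snapshots are constructed for illustration, not captured from this sample's run, and the marker lists are assumptions about which vendor strings to flag. The live reader uses the standard-library winreg module and only does anything on Windows.

```python
"""Reproduce the 'Identifies VirtualBox via ACPI registry values' and
'Checks BIOS information in registry' lookups against a registry snapshot.

Added example; snapshots are constructed, marker lists are assumptions."""
import sys

# ACPI table keys whose subkey is the firmware OEM ID; VirtualBox reports VBOX__.
ACPI_KEYS = [r"HKLM\HARDWARE\ACPI\DSDT", r"HKLM\HARDWARE\ACPI\FADT", r"HKLM\HARDWARE\ACPI\RSDT"]
ACPI_MARKERS = ("VBOX__",)

# BIOS strings the kernel copies into the registry at boot; (key, value name).
BIOS_VALUES = [
    (r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (r"HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
]
BIOS_MARKERS = ("VBOX", "VIRTUALBOX", "INNOTEK", "VMWARE", "QEMU", "BOCHS", "XEN", "HYPER-V")

# A snapshot is {key: {"subkeys": [names], "values": {name: str or list of str}}}.


def _as_text(value):
    # REG_MULTI_SZ values arrive as lists; join them for a substring match.
    return " ".join(value) if isinstance(value, (list, tuple)) else str(value)


def acpi_indicators(snapshot):
    """Subkeys of the ACPI table keys that carry a VirtualBox OEM ID."""
    hits = []
    for key in ACPI_KEYS:
        for sub in snapshot.get(key, {}).get("subkeys", []):
            if any(m in sub.upper() for m in ACPI_MARKERS):
                hits.append(key + "\\" + sub)
    return hits


def bios_indicators(snapshot):
    """BIOS registry values whose text names a hypervisor vendor."""
    hits = []
    for key, name in BIOS_VALUES:
        value = snapshot.get(key, {}).get("values", {}).get(name)
        if value is not None and any(m in _as_text(value).upper() for m in BIOS_MARKERS):
            hits.append(f"{key}\\{name} = {_as_text(value)!r}")
    return hits


def looks_like_vm(snapshot):
    return bool(acpi_indicators(snapshot) or bios_indicators(snapshot))


def live_snapshot():
    """Read the same keys from the running Windows host; returns {} elsewhere."""
    if sys.platform != "win32":
        return {}
    import winreg
    snap = {}
    for key in ACPI_KEYS + sorted({k for k, _ in BIOS_VALUES}):
        path = key.split("\\", 1)[1]  # strip the HKLM\ prefix
        try:
            handle = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except OSError:
            continue
        with handle:
            subs, i = [], 0
            while True:
                try:
                    subs.append(winreg.EnumKey(handle, i))
                    i += 1
                except OSError:
                    break
            vals = {}
            for k, name in BIOS_VALUES:
                if k == key:
                    try:
                        vals[name] = winreg.QueryValueEx(handle, name)[0]
                    except OSError:
                        pass
        snap[key] = {"subkeys": subs, "values": vals}
    return snap


# Constructed snapshot of an unhardened VirtualBox guest.
VBOX_GUEST = {
    r"HKLM\HARDWARE\ACPI\DSDT": {"subkeys": ["VBOX__"]},
    r"HKLM\HARDWARE\ACPI\FADT": {"subkeys": ["VBOX__"]},
    r"HKLM\HARDWARE\DESCRIPTION\System": {"values": {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 6.1 VGA BIOS"]}},
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {"values": {
        "SystemManufacturer": "innotek GmbH", "SystemProductName": "VirtualBox"}},
}

# Constructed snapshot with vendor strings replaced, as a hardened sandbox presents them.
HARDENED = {
    r"HKLM\HARDWARE\ACPI\DSDT": {"subkeys": ["DELL__"]},
    r"HKLM\HARDWARE\ACPI\FADT": {"subkeys": ["DELL__"]},
    r"HKLM\HARDWARE\DESCRIPTION\System": {"values": {
        "SystemBiosVersion": ["DELL   - 1072009", "1.14.0"],
        "VideoBiosVersion": ["Intel Video BIOS"]}},
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {"values": {
        "SystemManufacturer": "Dell Inc.", "SystemProductName": "Latitude 7420"}},
}

if __name__ == "__main__":
    for label, snap in (("vbox", VBOX_GUEST), ("hardened", HARDENED), ("this host", live_snapshot())):
        print(label, looks_like_vm(snap), acpi_indicators(snap) + bios_indicators(snap))
```

Run it inside the analysis VM: any hit printed for "this host" is a string the sample could have used to decide it was being watched, and the fix is to patch the firmware identifiers in the hypervisor configuration rather than to edit the registry, which is rebuilt at boot.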