General

Target: 8ff3f51776ed5ef872a5e69f6c641503
Size: 2.7MB
Sample: 220123-yvzmnsgchn
MD5: 8ff3f51776ed5ef872a5e69f6c641503
SHA1: 109691db87426c824f806c13320fd1220303e488
SHA256: d230980a059638f28c204c2d94839c60bea25cd9332a52b4ea66e340e2923950
SHA512: b0d294731a129c4f42a9ce1b9eb6f3bcf8283f41abcbb82999a46844501c1f2d051518074d056919ed5566dff42fc90a03909f7c23d6a17478a0a7b7da1277e4

Static task: static1
Behavioral task: behavioral1
Sample: 8ff3f51776ed5ef872a5e69f6c641503.exe
Resource: win7-en-20211208

Malware Config
Targets

Target: 8ff3f51776ed5ef872a5e69f6c641503
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger