General
Target: d230980a059638f28c204c2d94839c60bea25cd9332a52b4ea66e340e2923950
Size: 2.7MB
Sample: 220123-yzvvaagdal
MD5: 8ff3f51776ed5ef872a5e69f6c641503
SHA1: 109691db87426c824f806c13320fd1220303e488
SHA256: d230980a059638f28c204c2d94839c60bea25cd9332a52b4ea66e340e2923950
SHA512: b0d294731a129c4f42a9ce1b9eb6f3bcf8283f41abcbb82999a46844501c1f2d051518074d056919ed5566dff42fc90a03909f7c23d6a17478a0a7b7da1277e4
Static task: static1
Behavioral task: behavioral1
Sample: d230980a059638f28c204c2d94839c60bea25cd9332a52b4ea66e340e2923950.exe
Resource: win10v2004-en-20220112
Malware Config
Targets
Score: 9/10
Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger