General
Target
c28c72944827aecc6e64211f91d082cd.exe
Size
2.0MB
Sample
220203-ktdrxsegam
MD5
c28c72944827aecc6e64211f91d082cd
SHA1
478e292f63cacdc9d43e095ce5ef7a3accb68cde
SHA256
4f8fd85bcb3dbb5d82d3194a2ac9742a8f0696685b69d425b1384d29e2260bf3
SHA512
d314b1b5ae22e8b75bb541adaba41f2f8d78bef3ee9274bb09336bc31a7ced83d9331525ebe519a02aebe6f7934ce85dd41fce1ca28cbdfa0bb7e123336573a7
Static task
static1
Behavioral task
behavioral1
Sample
c28c72944827aecc6e64211f91d082cd.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
c28c72944827aecc6e64211f91d082cd.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
Target
c28c72944827aecc6e64211f91d082cd.exe
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger