General
- Target: 979f89ce6f387df3ca9b11f84e522aeb
- Size: 5.7MB
- Sample: 220205-s9ctkadbem
- MD5: 979f89ce6f387df3ca9b11f84e522aeb
- SHA1: 8aaafa11630b43bd7e3038844d0e4c91c58ff1f8
- SHA256: 667886b0ff35cefcc45ccb1c78e6738fa1203d439d0ddadebd36c31d61dde885
- SHA512: 26dbfb113292348f7ac9f07c3ffb28ac61c9b34cb75ad422121dafef674e0b5e5c4166b2af8becd3e417b7167a06efda29d1b3974c774b3fb39a7322094174a5
Static task: static1
Behavioral task: behavioral1
- Sample: 979f89ce6f387df3ca9b11f84e522aeb.exe
- Resource: win7-en-20211208
Malware Config
Targets
- Target: 979f89ce6f387df3ca9b11f84e522aeb (5.7MB; MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger