General
Target: eb83e59871c2a401085cca68106d582f
Size: 5.7MB
Sample: 220205-tj34hadad2
MD5: eb83e59871c2a401085cca68106d582f
SHA1: e18a82d4872fb21d7468a1bf637623400ffecc3e
SHA256: 56719990cf05483cd79512ca1d376baca27c1364fe110a6f9ea23cd53f8dcdeb
SHA512: d38d600327d413fd06c9dda21f1cc25c2708e53218be1a367fb4d1a1ac2c6ade60db464f2da43a48eb47b619bf913b49175d155d193eade167b5e56d6663c60d
Static task: static1
Behavioral task: behavioral1
Sample: eb83e59871c2a401085cca68106d582f.exe
Resource: win7-en-20211208
Malware Config
Targets
Target: eb83e59871c2a401085cca68106d582f
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger