General
Target: 1a35ad3297d0ca9af31356f34f7b0c303ee19b52ecc4bfd249d806aa2bf7b072
Size: 4.5MB
Sample: 220209-t4xgfsbbcr
MD5: 7439ec7a2f65cd1a988e4e2cda98b0fc
SHA1: 23bc5a06e572362cf143f5580897336f609cf373
SHA256: 1a35ad3297d0ca9af31356f34f7b0c303ee19b52ecc4bfd249d806aa2bf7b072
SHA512: 20fbfe209431f9195d19677fd0664b610ef11238afcfb4619416553c4f48a3f228d97b9376ea96be811af7bc781151c2c1b2fcde2063877cfdc76fd2d703f8d2
Static task: static1
Behavioral task: behavioral1
Sample: 1a35ad3297d0ca9af31356f34f7b0c303ee19b52ecc4bfd249d806aa2bf7b072.exe
Resource: win7-en-20211208
Malware Config
Targets
Target: 1a35ad3297d0ca9af31356f34f7b0c303ee19b52ecc4bfd249d806aa2bf7b072
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger