General
-
Target
b4c2a3b83c21343b81fcecfe1c828126017faed52fb990a4531ba04ad92dddb9
-
Size
2.6MB
-
Sample
220212-bd4hzafgfr
-
MD5
0dc555d4301c1c53ec92326e3f8a8d57
-
SHA1
1b3d5e36dda0e2417f4d0cadd3955c5343154041
-
SHA256
b4c2a3b83c21343b81fcecfe1c828126017faed52fb990a4531ba04ad92dddb9
-
SHA512
9e8ce3992d924715e955fb455c5ad1c455c5d21982f806b9db24833cdc76a0e563bf5bda7b4192a342283eafb0bd8a5f92a3a5602d5d7f8aa95e2010c66f9491
Static task
static1
Behavioral task
behavioral1
Sample
b4c2a3b83c21343b81fcecfe1c828126017faed52fb990a4531ba04ad92dddb9.exe
Resource
win7-en-20211208
Malware Config
Targets
-
-
Target
b4c2a3b83c21343b81fcecfe1c828126017faed52fb990a4531ba04ad92dddb9
-
Size
2.6MB
-
MD5
0dc555d4301c1c53ec92326e3f8a8d57
-
SHA1
1b3d5e36dda0e2417f4d0cadd3955c5343154041
-
SHA256
b4c2a3b83c21343b81fcecfe1c828126017faed52fb990a4531ba04ad92dddb9
-
SHA512
9e8ce3992d924715e955fb455c5ad1c455c5d21982f806b9db24833cdc76a0e563bf5bda7b4192a342283eafb0bd8a5f92a3a5602d5d7f8aa95e2010c66f9491
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Blocklisted process makes network request
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-