General
Target: 80805036184d9ff94a32bad39ba0a553.exe
Size: 3.4MB
Sample: 220212-jcc9dsheg5
MD5: 80805036184d9ff94a32bad39ba0a553
SHA1: 4dfa5e8254755da7c2c589efb7467bd0b67aaa98
SHA256: 6c334c7c715f8385c04cc37cf4ee14760c2683a23e3e5c5164f4cbe4ec0988d1
SHA512: b50455b82b1cef724dc3e6987976d8f3cd31bc5196a8cc1f6a941fe14e4486fa2cec4501560a5c2395bdceecc16ea074fe72901a3ed58da379befdadceb3104b
Static task: static1
Behavioral task: behavioral1
Sample: 80805036184d9ff94a32bad39ba0a553.exe
Resource: win7-en-20211208
Malware Config
Targets
Target: 80805036184d9ff94a32bad39ba0a553.exe
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger